code-423n4 / 2023-07-pooltogether-findings


Missing Deadline parameter in liquidate() of Vault.sol #359

Closed code423n4 closed 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/GenerationSoftware/pt-v5-vault/blob/b1deb5d494c25f885c34c83f014c8a855c5e2749/src/Vault.sol#L550-#L556

Vulnerability details

Impact

Due to the absence of a deadline parameter, pending transactions can be maliciously executed at a later point.

Proof of Concept

The liquidate() in Vault.sol is basically a swap between prize tokens and Vault shares. Without the presence of a deadline parameter, a user can unknowingly perform bad swaps.

1) Alice wants to liquidate 100 prize tokens with Vault shares at an exchange rate of 2:1.

2) The transaction is submitted to the mempool; however, Alice chose a transaction fee that is too low for miners to be interested in including her transaction in a block. The transaction stays pending in the mempool for extended periods, which could be hours, days, weeks, or even longer.

3) When the average gas fee drops far enough for Alice's transaction to become interesting again for miners to include it, her liquidation process will be executed. But by this time the exchange rate has changed from 2:1 to 3:1, causing bad swaps.

Tools Used

Manual Review

Recommended Mitigation Steps

Introduce a deadline parameter to liquidate().

Assessed type

Other
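The recommended deadline check, sketched as an added example that is not part of the original report or of the pt-v5-vault code base. It goes one step beyond the report by pairing the deadline with a maximum-input bound, since a deadline limits how long a transaction may wait but does not cap the rate it executes at. The interface, contract, function and error names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added illustration, not code from pt-v5-vault. Every name here is hypothetical.
interface IPricedLiquidation {
    // Prize tokens currently required to receive `sharesOut` vault shares.
    function computeAmountIn(uint256 sharesOut) external view returns (uint256);

    // Pulls `amountIn` prize tokens from `account` and sends it `sharesOut` shares.
    function liquidate(address account, uint256 amountIn, uint256 sharesOut) external returns (bool);
}

contract GuardedLiquidationRouter {
    error DeadlineExpired(uint256 deadline, uint256 currentTime);
    error AmountInTooHigh(uint256 amountIn, uint256 maxAmountIn);

    IPricedLiquidation public immutable pair;

    constructor(IPricedLiquidation pair_) {
        pair = pair_;
    }

    /// @param sharesOut   vault shares the caller wants to receive
    /// @param maxAmountIn most prize tokens the caller agreed to pay when signing
    /// @param deadline    last block timestamp at which the swap may still execute
    function swapExactSharesOut(uint256 sharesOut, uint256 maxAmountIn, uint256 deadline)
        external
        returns (uint256 amountIn)
    {
        // Time bound: a transaction that sat in the mempool past the deadline reverts
        // instead of executing at whatever rate applies when it is finally mined.
        if (block.timestamp > deadline) revert DeadlineExpired(deadline, block.timestamp);

        // Price bound: the rate is read at execution time, so compare it with the
        // limit fixed at signing time. The deadline alone does not cap the price.
        amountIn = pair.computeAmountIn(sharesOut);
        if (amountIn > maxAmountIn) revert AmountInTooHigh(amountIn, maxAmountIn);

        require(pair.liquidate(msg.sender, amountIn, sharesOut), "liquidation failed");
    }
}
```

In the scenario above, a request for 50 shares signed with `maxAmountIn = 100` at the 2:1 rate reverts with `AmountInTooHigh` once the rate is 3:1, and reverts with `DeadlineExpired` if it is mined after the chosen timestamp regardless of the rate.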

c4-judge commented 1 year ago

Picodes marked the issue as unsatisfactory: Invalid

Picodes commented 1 year ago

As we don't know the implementation of the liquidate contract yet, this would be OOS.