code-423n4 / 2023-08-dopex-findings


Incorrect expiration timestamp when swapping tokens #2217

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-08-dopex/blob/main/contracts/amo/UniV3LiquidityAmo.sol#L289-L299

Vulnerability details

Impact

If the transaction gets stalled in the mempool it can get executed at an inappropriate moment.

Proof of Concept

The Uniswap V3 AMO integrates Uniswap to provide liquidity and to execute swaps. The issue arises due to the protocol using an arbitrary timestamp in the future instead of an actual one that will protect the protocol from getting damaged due to precision loss.

ISwapRouter.ExactInputSingleParams memory swap_params = ISwapRouter
      .ExactInputSingleParams(
        _tokenA,
        _tokenB,
        _fee_tier,
        address(this),
        // @audit-issue inappropriate timestamp:
        2105300114, // Expiration: a long time from now
        _amountAtoB,
        _amountOutMinimum,
        _sqrtPriceLimitX96
      );

Tools Used

Manual review

Recommended Mitigation Steps

Consider swapping the timestamp with a value passed as params.

Assessed type

Uniswap
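
The recommended mitigation, sketched as an added example (not part of the original report or the Dopex code base): the caller supplies the deadline, and the contract rejects values that are already past or unreasonably far out before handing them to the router. The contract name `DeadlineSwapExample`, the `admin` check, `IERC20Minimal` and the 30-minute `MAX_DEADLINE_WINDOW` are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Router interface as published in Uniswap v3-periphery (only what is used here).
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params)
        external payable returns (uint256 amountOut);
}

interface IERC20Minimal {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical contract for illustration; not the Dopex AMO.
contract DeadlineSwapExample {
    ISwapRouter public immutable router;
    address public immutable admin;
    // Assumed policy: refuse deadlines further out than this window.
    uint256 public constant MAX_DEADLINE_WINDOW = 30 minutes;

    constructor(ISwapRouter _router) { router = _router; admin = msg.sender; }

    function swap(
        address _tokenA, address _tokenB, uint24 _fee_tier, uint256 _amountAtoB,
        uint256 _amountOutMinimum, uint160 _sqrtPriceLimitX96, uint256 _deadline
    ) external returns (uint256) {
        require(msg.sender == admin, "not admin");
        // Reject stale deadlines early and cap how long the tx may sit in the mempool.
        require(_deadline >= block.timestamp, "deadline passed");
        require(_deadline - block.timestamp <= MAX_DEADLINE_WINDOW, "deadline too far");
        // Assumes _tokenA returns a bool from approve (standard ERC-20 behaviour).
        require(IERC20Minimal(_tokenA).approve(address(router), _amountAtoB), "approve failed");

        // Fields are assigned one by one to keep stack usage low.
        ISwapRouter.ExactInputSingleParams memory p;
        p.tokenIn = _tokenA;            p.tokenOut = _tokenB;
        p.fee = _fee_tier;              p.recipient = address(this);
        p.deadline = _deadline;         p.amountIn = _amountAtoB;
        p.amountOutMinimum = _amountOutMinimum;
        p.sqrtPriceLimitX96 = _sqrtPriceLimitX96;
        return router.exactInputSingle(p); // router reverts once block.timestamp > deadline
    }
}
```

The deadline should be computed off-chain when the transaction is signed; deriving it on-chain from `block.timestamp` would always pass the router's check and give no protection.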

c4-pre-sort commented 1 year ago

bytes032 marked the issue as low quality report

c4-pre-sort commented 1 year ago

bytes032 marked the issue as primary issue

c4-pre-sort commented 12 months ago

bytes032 marked the issue as duplicate of #898

c4-pre-sort commented 12 months ago

bytes032 marked the issue as sufficient quality report

c4-judge commented 10 months ago

GalloDaSballo changed the severity to QA (Quality Assurance)

c4-judge commented 10 months ago

GalloDaSballo marked the issue as grade-b