Lines of code
https://github.com/code-423n4/2024-03-revert-lend/blob/main/src/transformers/AutoCompound.sol#L163
Vulnerability details
Impact
Actions in the Uniswap NonfungiblePositionManager contract are protected by a deadline parameter that limits how long a pending transaction can remain executable. Functions that modify the liquidity of the pool check this parameter against the current block timestamp in order to discard expired actions.
User-provided deadline arguments are used in the transformers AutoRange.sol and LeverageTransformer.sol when interacting with the Uniswap NFT Position Manager. However, the execute() function in AutoCompound.sol passes block.timestamp as the deadline argument, which defeats the purpose of using a deadline. Using block.timestamp as the deadline is effectively a no-operation that provides no protection: since block.timestamp takes its value when the transaction is mined, the check ends up comparing block.timestamp against itself.
Failure to provide a proper deadline value enables pending transactions to be maliciously executed at a later point, to the detriment of the submitter.
AutoCompound.sol #L161-165 :
Tools Used
Manual Review
Recommended Mitigation Steps
Add a deadline parameter to the ExecuteParams struct and forward it to the corresponding underlying call to the Uniswap NonfungiblePositionManager contract.
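The sketch below is an added example, not the AutoCompound.sol source: it places the ineffective pattern next to the recommended one. The interface subset follows Uniswap v3 periphery; the contract name, function names and the ExecuteParams field set are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of the Uniswap v3 periphery interface needed for this sketch.
interface INonfungiblePositionManager {
    struct IncreaseLiquidityParams {
        uint256 tokenId;
        uint256 amount0Desired;
        uint256 amount1Desired;
        uint256 amount0Min;
        uint256 amount1Min;
        uint256 deadline;
    }
    function increaseLiquidity(IncreaseLiquidityParams calldata params)
        external payable returns (uint128 liquidity, uint256 amount0, uint256 amount1);
}

// Hypothetical, simplified compounder (token approvals and fee logic omitted).
contract CompounderSketch {
    INonfungiblePositionManager public immutable npm;

    struct ExecuteParams { // assumed field set, not the project's struct
        uint256 tokenId;
        uint256 amount0;
        uint256 amount1;
        uint256 amount0Min;
        uint256 amount1Min;
        uint256 deadline; // absolute Unix time chosen off-chain by the submitter
    }

    constructor(INonfungiblePositionManager _npm) { npm = _npm; }

    // Ineffective: the position manager compares the mining-time block.timestamp
    // with this same value, so the check passes no matter how late the
    // transaction is included.
    function executeSelfDeadline(ExecuteParams calldata p) external {
        npm.increaseLiquidity(INonfungiblePositionManager.IncreaseLiquidityParams(
            p.tokenId, p.amount0, p.amount1, p.amount0Min, p.amount1Min, block.timestamp));
    }

    // Mitigated: the submitter's deadline is forwarded unchanged, so the position
    // manager rejects the call once block.timestamp has passed it.
    function executeWithDeadline(ExecuteParams calldata p) external {
        npm.increaseLiquidity(INonfungiblePositionManager.IncreaseLiquidityParams(
            p.tokenId, p.amount0, p.amount1, p.amount0Min, p.amount1Min, p.deadline));
    }
}
```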
Assessed type
Uniswap