search

code-423n4 / 2024-04-revert-mitigation-findings

1 stars 1 forks source link

M-21 MitigationConfirmed #23

Open c4-bot-3 opened 4 months ago

c4-bot-3 commented 4 months ago

Lines of code

Vulnerability details

C4 issue

M-21: Dangerous use of deadline parameter

Comment

In the original implementation, sometimes block.timestamp is used as deadline for uniswap operation instead of the users' deadline input. Setting deadline as block.timestamp has no effect since the deadline value is compared exactly to block.timestamp in UniswapV3 checkDeadline modifier.

Mitigation

PR #24 The block.timestamp now is replaced with deadline in every related code. Some examples:

function decreaseLiquidityAndCollect(DecreaseLiquidityAndCollectParams calldata params)
        external
        override
        returns (uint256 amount0, uint256 amount1)
    {
        ...

        (amount0, amount1) = nonfungiblePositionManager.decreaseLiquidity(
            INonfungiblePositionManager.DecreaseLiquidityParams(
                params.tokenId, params.liquidity, params.amount0Min, params.amount1Min, params.deadline
            )
        );
        ...
    }

The mitigation solved the original issue.

Conclusion

LGTM

c4-judge commented 4 months ago

jhsagd76 marked the issue as satisfactory