code-423n4 / 2024-05-predy-findings


Lack of deadlines in swaps exposes vulnerabilities to potentially malicious executions. #144

Closed howlbot-integration[bot] closed 4 months ago

howlbot-integration[bot] commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/settlements/UniswapSettlement.sol#L22

Vulnerability details

Impact

Despite the implementation of slippage settings, users may face significant losses if transactions linger in the mempool for too long, causing token prices to drop rapidly and making the slippage setting not effective.

Proof of Concept

Within the UniswapSettlement contract, swaps are executed without the enforcement of deadlines, which could lead to malicious executions. The code snippet involved is:

```solidity
function swapExactOut(
    address quoteToken,
    address,
    bytes memory data,
    uint256 amountOut,
    uint256 amountInMaximum,
    address recipient
) external override returns (uint256 amountIn) {
    // Pull the maximum input amount from the caller and allow the router to spend it
    ERC20(quoteToken).safeTransferFrom(msg.sender, address(this), amountInMaximum);
    ERC20(quoteToken).approve(address(_swapRouter), amountInMaximum);

    // The deadline field is set to block.timestamp, i.e. the time at which the
    // swap is finally mined, so the router's deadline check is always satisfied
    amountIn = _swapRouter.exactOutput(
        ISwapRouter.ExactOutputParams(data, recipient, block.timestamp, amountOut, amountInMaximum)
    );

    // Refund any unspent input to the caller
    if (amountInMaximum > amountIn) {
        ERC20(quoteToken).safeTransfer(msg.sender, amountInMaximum - amountIn);
    }
}
```

Within Uniswap, these functions support swaps without enforcing deadlines, leaving transactions susceptible to potential manipulation while they wait in the mempool for an extended period.

Tool Used

Manual review

Recommended Mitigation Steps

Use an appropriate deadline value in the swap functions to ensure transactions are completed promptly and reduce the potential for manipulation.

Assessed type

Other
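The following is an added illustration of the mitigation the report recommends; it is not code from the Predy repository or from the issue author. It shows a settlement contract that takes the deadline from the transaction originator rather than from `block.timestamp`, so a transaction that has sat in the mempool past that time reverts instead of executing against a stale price. The `IERC20` and `ISwapRouter` interfaces are trimmed to the members used here (the `ExactOutputParams` field order matches the Uniswap V3 `ISwapRouter` struct), and the contract name, error name and `deadline` parameter are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example (not Predy's code): minimal ERC20 surface assumed for illustration
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Subset of the Uniswap V3 ISwapRouter interface: same field order as the real struct
interface ISwapRouter {
    struct ExactOutputParams {
        bytes path;
        address recipient;
        uint256 deadline;
        uint256 amountOut;
        uint256 amountInMaximum;
    }

    function exactOutput(ExactOutputParams calldata params) external payable returns (uint256 amountIn);
}

// Hypothetical settlement contract that enforces a caller-supplied deadline
contract DeadlineAwareSettlement {
    ISwapRouter private immutable _swapRouter;

    error DeadlineExpired(uint256 deadline, uint256 currentTimestamp);

    constructor(ISwapRouter swapRouter) {
        _swapRouter = swapRouter;
    }

    // `deadline` is fixed by the originator when the transaction is signed. If the
    // transaction is mined after that time, the swap reverts rather than running
    // at whatever price prevails then. Passing block.timestamp instead would make
    // the router's own `block.timestamp <= deadline` check trivially true.
    function swapExactOut(
        address quoteToken,
        bytes memory path,
        uint256 amountOut,
        uint256 amountInMaximum,
        address recipient,
        uint256 deadline
    ) external returns (uint256 amountIn) {
        // Explicit on-chain check; the router repeats it, but this keeps the
        // intent visible and covers routers that do not enforce a deadline.
        if (block.timestamp > deadline) {
            revert DeadlineExpired(deadline, block.timestamp);
        }

        // Pull the maximum input from the caller and let the router spend it
        IERC20(quoteToken).transferFrom(msg.sender, address(this), amountInMaximum);
        IERC20(quoteToken).approve(address(_swapRouter), amountInMaximum);

        // The same deadline is forwarded to the router's exact-output swap
        amountIn = _swapRouter.exactOutput(
            ISwapRouter.ExactOutputParams(path, recipient, deadline, amountOut, amountInMaximum)
        );

        // Refund any unspent input to the caller
        if (amountInMaximum > amountIn) {
            IERC20(quoteToken).transfer(msg.sender, amountInMaximum - amountIn);
        }
    }
}
```

The `amountInMaximum` bound still limits how much can be spent in any single execution; the deadline adds a second, time-based bound so that a quote computed off-chain cannot be settled long after the conditions it was computed under have changed.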

c4-judge commented 4 months ago

alex-ppg marked the issue as unsatisfactory: Invalid