search

code-423n4 / 2024-05-predy-findings

10 stars 9 forks source link

No `deadline` parameter on `swapExactIn` and `swapExactOut` can lead to less faourable swaps. #272

Closed howlbot-integration[bot] closed 2 months ago

howlbot-integration[bot] commented 2 months ago

Lines of code

https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/settlements/UniswapSettlement.sol#L22 https://github.com/code-423n4/2024-05-predy/blob/a9246db5f874a91fb71c296aac6a66902289306a/src/settlements/UniswapSettlement.sol#L38

Vulnerability details

Impact

Without a deadline,transaction might execute at an unexpected time when the price is significantly different, leading to higher slippage and unfavorable execution. this will lead to swap results which are very different from the quote value.

Proof of Concept

Lets say that a user intends to swap base for underlying using the swapExactIn. since there is no deadline check that ensures that the swap occurs within a set timeframe in which the swap is favorable to them, the transaction may occur at much less favorable conditions maybe due to price change, or as slippage tends to its maximum value.

function swapExactOut(
        address quoteToken,
        address,
        bytes memory data,
        uint256 amountOut,
        uint256 amountInMaximum,
        address recipient
    ) external override returns (uint256 amountIn) {
        ERC20(quoteToken).safeTransferFrom(msg.sender, address(this), amountInMaximum);
        ERC20(quoteToken).approve(address(_swapRouter), amountInMaximum);

        //more code...

Tools Used

Manual review

Recommended Mitigation Steps

Implement deadline parameter and deadline checks.

Assessed type

DoS

c4-judge commented 2 months ago

alex-ppg marked the issue as unsatisfactory: Invalid