As can be seen, the function is calling depositWithExpiry() passing the required parameters, yet the expiration parameter is set to its maximum value opening the door to any malicious validator to manipulate it to gain profit.
Tools Used
manual review
Recommended Mitigation Steps
the expiration should not be hardcoded. It is better to be user defined with proper checks.
Lines of code
https://github.com/code-423n4/2024-06-thorchain/blob/e3fd3c75ff994dce50d6eb66eb290d467bd494f5/chain/ethereum/contracts/THORChain_Router.sol#L466-L483
Vulnerability details
Impact
The process of migrating funds from the old router to the new one is handled with _routerDeposit() internal function.
As can be seen, the function is calling depositWithExpiry() passing the required parameters, yet the expiration parameter is set to its maximum value opening the door to any malicious validator to manipulate it to gain profit.
Tools Used
manual review
Recommended Mitigation Steps
the expiration should not be hardcoded. It is better to be user defined with proper checks.
Assessed type
MEV