Open hats-bug-reporter[bot] opened 3 days ago
Github username: @krkbaa Twitter username: 0xkrkba Submission hash (on-chain): 0x85bb6985d2b4a173688a5f750c2b1a2377aa4f614a07ba47015bfe1704ef26a6 Severity: medium
Description: Description\ in: https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/mock/UniSwapV2Handler.sol#L56-L63
also : https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/mock/UniSwapV2Handler.sol#L65-L95
a malicious validator can hold back the transaction and execute it at a more favourable block number.Consider allowing function caller to specify swap deadline input parameter. Attack Scenario\
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)
This issue is out of scope as the mock folder is excluded.
Github username: @krkbaa Twitter username: 0xkrkba Submission hash (on-chain): 0x85bb6985d2b4a173688a5f750c2b1a2377aa4f614a07ba47015bfe1704ef26a6 Severity: medium
Description: Description\ in: https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/mock/UniSwapV2Handler.sol#L56-L63
also : https://github.com/Velvet-Capital/velvet-core/blob/849629b1aacf32d84634d8c4ef1378527bce3bb3/contracts/mock/UniSwapV2Handler.sol#L65-L95
a malicious validator can hold back the transaction and execute it at a more favourable block number.Consider allowing function caller to specify swap deadline input parameter. Attack Scenario\
Attachments
Proof of Concept (PoC) File
Revised Code File (Optional)