Uniswap 0 deadline

Summary

An invalid deadline is passed to Uniswap parameters.

Vulnerability Detail

UniV3SwapInput omits the deadline parameter, meaning it will get a default value of 0:

   function UniV3SwapInput(
        bytes memory _path,
        uint256 _sellAmount
    ) public override onlyBalancer {
        IV3SwapRouter.ExactInputParams memory params = IV3SwapRouter
            .ExactInputParams({
                path: _path,
                recipient: address(this),
                //deadline: block.timestamp,
                amountIn: _sellAmount,
                amountOutMinimum: 0
            });
        uniRouter.exactInput(params);
    }

From Uniswap docs: "deadline: the unix time after which a swap will fail, to protect against long-pending transactions and wild swings in prices"

In Uniswap v3 code, we can see the deadline is validated as follows:

    modifier checkDeadline(uint256 deadline) {
        require(_blockTimestamp() <= deadline, 'Transaction too old');
        _;
    }

This means that a deadline with a value of 0 is always < block timestamp, thus the execution will revert.

Impact

Swapping on the Uniswap router will always revert.

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L235

https://github.com/Uniswap/v3-periphery/blob/main/contracts/base/PeripheryValidation.sol

Tool used

Manual Review

Recommendation

Pass block.timestamp as the deadline.

Duplicate of #673

sherlock-audit / 2023-05-USSD-judging

HonorLt - Uniswap 0 deadline #921