Using `block.timestamp` for swap deadline offers no protection

Summary

Using the block.timestamp is dangerous as it offers no protection at all.

Vulnerability Detail

Inside CrossCurrencyVaul:_depositFromNotional method, block.timestamp is passed as the deadline parameter. In such a scenario, a malicious validator can hold back the transaction and execute it at a more favourable block number.

Impact

Such delay can result in loss of funds for users and completing the trade at much more unfavourable conditions for them.

        Trade memory trade = Trade({
            tradeType: TradeType.EXACT_IN_SINGLE,
            sellToken: address(_underlyingToken()),
            buyToken: address(lendToken),
            amount: depositUnderlyingExternal,
            limit: params.minPurchaseAmount,
            deadline: block.timestamp, //@audit infinite deadline
            exchangeData: params.exchangeData
        });

Code Snippet

https://github.com/sherlock-audit/2023-10-notional/blob/main/leveraged-vaults/contracts/vaults/CrossCurrencyVault.sol#L177

Tool used

Manual Review

Recommendation

Consider passing _deadline as an input parameter so an appropriate check is in place that the trade will be completed in a specific timeframe.

Duplicate of #115

sherlock-audit / 2023-10-notional-judging

ddimitrov22 - Using `block.timestamp` for swap deadline offers no protection #116

Using `block.timestamp` for swap deadline offers no protection

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

sherlock-audit / 2023-10-notional-judging

ddimitrov22 - Using `block.timestamp` for swap deadline offers no protection #116

Using block.timestamp for swap deadline offers no protection

Summary

Vulnerability Detail

Impact

Code Snippet

Tool used

Recommendation

Using `block.timestamp` for swap deadline offers no protection