The functions borrow() and repay() in LiquidationBorrowingManager.sol do not use the function parameter deadline of type uint256 effectively making it redundant to the protocol, due to the fact that the modifier checkDeadline(uint256 deadline) only checks that the deadline input paramter is greater than the current block timestamp.
Impact
For the borrow() function the deadline is not enforced for the period after which, once elapsed, the transaction is considered invalid and for the repay() function, the period in which a repayment must be made. The main area of concern is that at the current implementation the deadline parameter is not enforced and a result all transaction time frames are nullified.
I would recommend that the deadline input parameter be integrated into the borrowing or repayment data structures in storage in order to be verified against future transactions.
ReadyPlayer2
medium
Redundant deadline mechanism in LiquidationBorrowingManager possibly leading to postperiod calls.
Summary
In LiquidationBorrowingManager.sol the function
borrow(BorrowParams calldata params, uint256 deadline)
andrepay(RepayParams calldata params, uint256 deadline)
do not use thedeadline
parameter in order to enforce a borrowing validation period or repayment validation period.Vulnerability Detail
The functions
borrow()
andrepay()
in LiquidationBorrowingManager.sol do not use the function parameterdeadline
of typeuint256
effectively making it redundant to the protocol, due to the fact that the modifiercheckDeadline(uint256 deadline)
only checks that thedeadline
input paramter is greater than the current block timestamp.Impact
For the
borrow()
function the deadline is not enforced for the period after which, once elapsed, the transaction is considered invalid and for therepay()
function, the period in which a repayment must be made. The main area of concern is that at the current implementation the deadline parameter is not enforced and a result all transaction time frames are nullified.Code Snippet
modifier checkDeadline(uint256 deadline) { (_blockTimestamp() > deadline).revertError(ErrLib.ErrorCode.TOO_OLD_TRANSACTION); _; }
Tool used
Manual Review
Recommendation
I would recommend that the deadline input parameter be integrated into the borrowing or repayment data structures in storage in order to be verified against future transactions.