kaysoft - use of block.timestamp for deadline on increase liquidity and decrease liquidity

[sherlock-admin]

kaysoft

medium

use of block.timestamp for deadline on increase liquidity and decrease liquidity

Summary

The use of block.timestamp as the deadline for increaseLiquidity operation can allow miners keep the transaction for longer until it is profitable for them.

Vulnerability Detail

(uint128 restoredLiquidity, , ) = underlyingPositionManager.increaseLiquidity(
            INonfungiblePositionManager.IncreaseLiquidityParams({
                tokenId: loan.tokenId,
                amount0Desired: amount0,
                amount1Desired: amount1,
                amount0Min: 0,
                amount1Min: 0,
                deadline: block.timestamp
            })
        );

Impact

Loss of funds by the user during market swings

Code Snippet

• https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L358
• https://github.com/sherlock-audit/2023-10-real-wagmi/blob/main/wagmi-leverage/contracts/abstract/LiquidityManager.sol#L405

  Tool used

  Manual Review

Recommendation

Allow timestamp be passed by the user offchain. This can be done on the frontend with currentTimestamp + 10 minutes

[sherlock-admin2]

1 comment(s) were left on this issue during the judging contest.

tsvetanovv commented:

There is a deadline check in parent function