When users buyShares, the transaction might end up in the queue due to network activity. Consequently, when the transaction executes, the minted shares may not match the desired output of the user
Vulnerability Detail
The buyShares function lacks a minimum output amount, which makes it more problematic without a deadline. If the network experiences congestion, transactions can remain pending in the queue and execute much later. This delay could result in users receiving fewer shares than they intended. Similar to selling shares, the buyShares function should also include a deadline check to prevent users' transactions from executing at inappropriate times.
Impact
Since the buyShares function does not have any minimum shares amount having no deadline on top of it makes it more prone to this attack vector. Even though that the minimum amount out is there, it is still problematic to not have a deadline
mstpr-brainbot
medium
"buyShares "lacks deadline parameter
Summary
When users buyShares, the transaction might end up in the queue due to network activity. Consequently, when the transaction executes, the minted shares may not match the desired output of the user
Vulnerability Detail
The buyShares function lacks a minimum output amount, which makes it more problematic without a deadline. If the network experiences congestion, transactions can remain pending in the queue and execute much later. This delay could result in users receiving fewer shares than they intended. Similar to selling shares, the buyShares function should also include a deadline check to prevent users' transactions from executing at inappropriate times.
Impact
Since the buyShares function does not have any minimum shares amount having no deadline on top of it makes it more prone to this attack vector. Even though that the minimum amount out is there, it is still problematic to not have a deadline
Code Snippet
https://github.com/sherlock-audit/2023-12-dodo-gsp/blob/af43d39f6a89e5084843e196fc0185abffe6304d/dodo-gassaving-pool/contracts/GasSavingPool/impl/GSPFunding.sol#L31-L82
Tool used
Manual Review
Recommendation
Add a deadline parameter to buyShares function just like sellShares
Duplicate of #109