Using block.timestamp for swap deadline offers no protection
Summary
The StrategyPassiveManagerVelodrome.sol::_mintPosition function uses block.timestamp for the swap deadline, which provides no protection against transaction manipulation by malicious validators.
Vulnerability Detail
block.timestamp is used as the deadline for minting position in
StrategyPassiveManagerVelodrome.sol::_mintPosition317
In the PoS model, proposers know well in advance if they will propose one or consecutive blocks ahead of time. In such a scenario, a malicious validator can hold back the transaction and execute it at a more favourable block number.
Impact
This offers no protection as block.timestamp will have the value of whichever block the txn is inserted into, hence the txn can be held indefinitely by malicious validators.
0xShoonya
medium
Using
block.timestampfor swap deadline offers no protectionSummary
The StrategyPassiveManagerVelodrome.sol::_mintPosition function uses block.timestamp for the swap deadline, which provides no protection against transaction manipulation by malicious validators.
Vulnerability Detail
block.timestampis used as the deadline for minting position inStrategyPassiveManagerVelodrome.sol::_mintPosition317In the PoS model, proposers know well in advance if they will propose one or consecutive blocks ahead of time. In such a scenario, a malicious validator can hold back the transaction and execute it at a more favourable block number.
Impact
This offers no protection as
block.timestampwill have the value of whichever block the txn is inserted into, hence the txn can be held indefinitely by malicious validators.Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/42ef5f0eac1bc954e888cf5bfb85cbf24c08ec76/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L305-L327
Tool used
Manual Review
Recommendation
Consider allowing function caller to specify
deadlineinput parameter.Duplicate of #130