Using block.timestamp for swap deadline offers no protection
Summary
The StrategyPassiveManagerVelodrome.sol::_mintPosition function uses block.timestamp for the swap deadline, which provides no protection against transaction manipulation by malicious validators.
Vulnerability Detail
block.timestamp is used as the deadline for minting position in
StrategyPassiveManagerVelodrome.sol::_mintPosition317
In the PoS model, proposers know well in advance if they will propose one or consecutive blocks ahead of time. In such a scenario, a malicious validator can hold back the transaction and execute it at a more favourable block number.
Impact
This offers no protection as block.timestamp will have the value of whichever block the txn is inserted into, hence the txn can be held indefinitely by malicious validators.
0xShoonya
medium
Using
block.timestamp
for swap deadline offers no protectionSummary
The StrategyPassiveManagerVelodrome.sol::_mintPosition function uses block.timestamp for the swap deadline, which provides no protection against transaction manipulation by malicious validators.
Vulnerability Detail
block.timestamp
is used as the deadline for minting position inStrategyPassiveManagerVelodrome.sol::_mintPosition
317In the PoS model, proposers know well in advance if they will propose one or consecutive blocks ahead of time. In such a scenario, a malicious validator can hold back the transaction and execute it at a more favourable block number.
Impact
This offers no protection as
block.timestamp
will have the value of whichever block the txn is inserted into, hence the txn can be held indefinitely by malicious validators.Code Snippet
https://github.com/sherlock-audit/2024-05-beefy-cowcentrated-liquidity-manager/blob/42ef5f0eac1bc954e888cf5bfb85cbf24c08ec76/cowcentrated-contracts/contracts/strategies/velodrome/StrategyPassiveManagerVelodrome.sol#L305-L327
Tool used
Manual Review
Recommendation
Consider allowing function caller to specify
deadline
input parameter.Duplicate of #130