The deadline check ensure that the transaction can be executed on time and the expired transaction revert.
Impact
The transaction can be pending in mempool for a long time and the trading activity is very time sensitive. Without deadline check, the trade transaction can be executed in a long time after the user submit the transaction, at that time, the trade can be done in a sub-optimal price, which harms user's position.
The deadline check ensure that the transaction can be executed on time and the expired transaction revert.
Invalid, deadline check implemented in router, where the function is expected to be called as seen here. Any other calls would be the user taking their own risk. Also known issue from previous audit here
0xShoonya
medium
The swap mechanism does not have a deadline parameter
Summary
The swap mechanism does not have a deadline parameter
Vulnerability Detail
swapExactAmountOut()
inTpdaLiquidationPair.sol
is missing thedeadline
parameterThe deadline check ensure that the transaction can be executed on time and the expired transaction revert.
Impact
The transaction can be pending in mempool for a long time and the trading activity is very time sensitive. Without deadline check, the trade transaction can be executed in a long time after the user submit the transaction, at that time, the trade can be done in a sub-optimal price, which harms user's position.
The deadline check ensure that the transaction can be executed on time and the expired transaction revert.
Code Snippet
https://github.com/sherlock-audit/2024-05-pooltogether/blob/1aa1b8c028b659585e4c7a6b9b652fb075f86db3/pt-v5-tpda-liquidator/src/TpdaLiquidationPair.sol#L122-L167
Tool used
Manual Review
Recommendation
Add a deadline timestamp parameter to the
swapExactAmountOut()
method and revert the transaction if the expiry has passed.