UniSwapper.sol#swapExactOut/swapExactIn - omitted deadline parameters #24
Comments
raymondfam marked the issue as insufficient quality report
raymondfam marked the issue as primary issue
The protocol is aware of that and makes a preference to comment it out for various reasons e.g. inconsequential on layerzero etc with slippage already in place.
The absence of the The submission argues that arbitrage attacks and delayed execution can be taken advantage of to acquire a profit, however, the transactions will never execute as #117 correctly states. Based on the above, I will invalidate this and all relevant submissions due to being incorrect as no transaction will properly execute.
alex-ppg marked the issue as unsatisfactory:
Lines of code
https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/swappers/UniSwapper.sol#L123-L141
https://github.com/code-423n4/2024-01-decent/blob/07ef78215e3d246d47a410651906287c6acec3ef/src/swappers/UniSwapper.sol#L143-L169
Vulnerability details
Impact
The UniSwapper contract contains the logic to execute either cross-chain or same-chain swaps using UniswapV3's exact params functions, but an important check is omitted.
Proof of Concept
As can be seen in both of the exact params' constructions, the deadline parameter for the swaps is omitted, disabling it entirely and allowing the transaction to be a greater target for MEV. One could argue that the slippage checks present in both functions are sufficient, but that's not the case, since the user could potentially be missing out on refunded value he could have saved, or more out amount than he got due to the missing slippage, had he used a deadline parameter. Another impact of MEV is the transaction being forced into reverting swaps using the slippage against itself.
Tools Used
Manual Review
Recommended Mitigation Steps
Let the user specify a deadline parameter as part of his swap payload or instructions.
Assessed type
Uniswap
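The recommended mitigation above, sketched as an added example; it is not code from the Decent repository or from the submission. `IERC20Like`, `IRouterLike`, `SwapInstructions` and `DeadlineGuardedSwapper` are hypothetical names, and the router is assumed to accept no deadline of its own, so the wrapper enforces the user-supplied one before any funds move.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal token surface needed by the example (assumes bool-returning tokens).
interface IERC20Like {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

// Hypothetical router interface that takes no deadline argument.
interface IRouterLike {
    function exactInput(bytes calldata path, address recipient, uint256 amountIn, uint256 amountOutMinimum)
        external
        returns (uint256 amountOut);
}

contract DeadlineGuardedSwapper {
    error DeadlineExpired(uint256 deadline, uint256 currentTime);

    struct SwapInstructions {
        address tokenIn;
        bytes path;               // encoded route, passed through to the router
        uint256 amountIn;
        uint256 amountOutMinimum; // slippage bound: limits price, not time
        uint256 deadline;         // unix time after which the swap must not run
    }

    IRouterLike public immutable router;

    constructor(IRouterLike router_) {
        router = router_;
    }

    function swapExactIn(SwapInstructions calldata ins, address recipient)
        external
        returns (uint256 amountOut)
    {
        // Reject a stale transaction before touching any funds.
        if (block.timestamp > ins.deadline) {
            revert DeadlineExpired(ins.deadline, block.timestamp);
        }
        // Pull the input tokens and let the router spend exactly that amount.
        require(IERC20Like(ins.tokenIn).transferFrom(msg.sender, address(this), ins.amountIn), "transferFrom failed");
        require(IERC20Like(ins.tokenIn).approve(address(router), ins.amountIn), "approve failed");
        // The router still enforces the price bound via amountOutMinimum.
        amountOut = router.exactInput(ins.path, recipient, ins.amountIn, ins.amountOutMinimum);
    }
}
```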