This repository has been archived by the owner on Feb 18, 2024. It is now read-only.
Breeje - Deadline check is still not effective, allowing outdated slippage and pending transaction to be unexpected executed later #6
Labels
Non-Reward
This issue will not receive a payout
Breeje
high
Deadline check is still not effective, allowing outdated slippage and pending transaction to be unexpected executed later
Summary
Referencing to the issue in Previous Audit: here, where sponsor confirmed it and marked it
Will Fix
. However, the attempted solution remains inadequate, as it relies on the utilization ofblock.timestamp
instead of the user-provided deadline. Consequently, the vulnerability highlighted in the finding continues to pose a potential risk within the existing contract.Vulnerability Detail
IchiSpell
uses Uniswap V3 Router in_withdraw
function to Swap withdrawn tokens to debt token.Link to Code
But here, the deadline parameter is simply passed in as current
block.timestamp
in which transaction occurs. This effectively means that transaction has no deadline, which means that the transaction may be included anytime by validators and remain pending in mempool, potentially exposing users to sandwich attacks by attackers or MEV bots.An even worse way this issue can be maliciously exploited is through MEV:
The transaction is still pending in the mempool. Average fees are still too high for validators to be interested in it. The price of ETH has gone up significantly since the transaction was signed, meaning Alice would receive a lot more when the trade is executed.
Even Lead Watson 0x52 rightly mentioned:
Impact
Stale value of slippage allows Sandwich attacks causing users to lose assets
Code Snippet
Shown above
Tool used
Manual Review
Recommendation
Use a user supplied deadline here in place of
block.timestamp
.Duplicate of #14
The text was updated successfully, but these errors were encountered: