This repository has been archived by the owner on Nov 26, 2023. It is now read-only.

Delvir0 - UniV3SwapInput doesn't implement a deadline #818

Closed
sherlock-admin opened this issue May 24, 2023 · 0 comments
Labels
Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label High A valid High severity issue Reward A payout will be made for this issue

Comments

sherlock-admin commented May 24, 2023

Delvir0

medium

UniV3SwapInput doesn't implement a deadline

Summary

At heavy traffic, a transaction could take a while.
In order to protect against long-pending transactions and wild swings in prices, a deadline is needed.
The code includes the deadline, but it has been commented out, which means it will not work.

Vulnerability Detail

e.g.

  1. transaction to trade 1 tokenA for 1 tokenB (ratio is 1:1)
  2. transaction takes a long time
  3. when the transaction finally goes through, the ratio is 0.5:1 and fewer tokens than expected are received

Impact

Exposed to price swings

Code Snippet

https://github.com/sherlock-audit/2023-05-USSD/blob/main/ussd-contracts/contracts/USSD.sol#L227

Tool used

Manual Review

Recommendation

Implement a deadline

Duplicate of #673
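
An added example, not part of the original issue and not code from the USSD repository: a swap wrapper that passes a caller-chosen deadline (and minimum output) through to Uniswap V3's `ISwapRouter.exactInput`. The contract name, `owner` check and function name are hypothetical, and the contract is assumed to already hold the input token and to have approved the router.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Subset of Uniswap V3 periphery's ISwapRouter used by this example.
interface ISwapRouter {
    struct ExactInputParams {
        bytes path;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
    }
    function exactInput(ExactInputParams calldata params) external payable returns (uint256 amountOut);
}

// Hypothetical wrapper; assumes it holds the input token and has approved `router`.
contract DeadlineSwapExample {
    ISwapRouter public immutable router;
    address public immutable owner;

    constructor(ISwapRouter router_) {
        router = router_;
        owner = msg.sender;
    }

    // `deadline` is a Unix timestamp fixed by the caller when the transaction
    // is built (for example a few minutes ahead). Passing block.timestamp
    // instead is evaluated at execution time, so it can never expire.
    function swapExactInput(
        bytes calldata path,
        uint256 amountIn,
        uint256 amountOutMinimum,
        uint256 deadline
    ) external returns (uint256 amountOut) {
        require(msg.sender == owner, "not owner");
        // Fail early with a clear reason; the router performs the same check.
        require(block.timestamp <= deadline, "swap expired");

        amountOut = router.exactInput(
            ISwapRouter.ExactInputParams({
                path: path,
                recipient: address(this),
                deadline: deadline,
                amountIn: amountIn,
                amountOutMinimum: amountOutMinimum
            })
        );
    }
}
```

The deadline bounds how long the transaction may sit pending, while `amountOutMinimum` bounds the price at which it may execute; a swap that sets only one of them is still exposed on the other axis.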

@github-actions github-actions bot closed this as completed Jun 5, 2023
@github-actions github-actions bot added High A valid High severity issue Duplicate A valid issue that is a duplicate of an issue with `Has Duplicates` label labels Jun 5, 2023
@sherlock-admin sherlock-admin added the Reward A payout will be made for this issue label Jun 23, 2023