kutugu
medium
buyToken / sellToken have no expiration time protection, when tx stays in mempool for a long time before being executed, even in the slippage range, it may also cause losses to the user.
Assume user wants to buy 100 tokenA for $100, but due to the gasprice is too low to stay in mempool, after some time the tokenA price drops to $0.8, the searcher finds the tx in the mempool, wraps it with a sandwich, extracts MEV $20, and the user loses $20.
No expiration time protection results in user's tx can still be executed for a long period of time, possibly causing a loss of funds
- https://github.com/sherlock-audit/2023-06-dodo/blob/a8d30e611acc9762029f8756d6a5b81825faf348/new-dodo-v3/contracts/DODOV3MM/D3Pool/D3Trading.sol#L91
- https://github.com/sherlock-audit/2023-06-dodo/blob/a8d30e611acc9762029f8756d6a5b81825faf348/new-dodo-v3/contracts/DODOV3MM/D3Pool/D3Trading.sol#L129
Manual Review
Add expiration time protection