Dry Honey Huskie
Medium
In the Proof-of-Stake (PoS) model, proposers have advanced knowledge of whether they will propose a single block or a series of consecutive blocks. In this context, a malevolent validator can delay a transaction and choose to execute it at a more opportune block number.
There is a hardcoded slippage for the minimum number of tokens and deadline. Swap can be maliciously executed later, user can face up with the loss when the value of token change. In the worst scenario, vault can be liquidated because of the swap.
No response
- User/AMO bot call
mintSellFarm() - Sandwich Attack
- User lose tokens
Minimum number of tokens is 1.This provides no safeguard since block.timestamp + 1 will reflect the timestamp of the block in which the transaction is included. Consequently, malicious validators can indefinitely withhold the transaction.
The vulnerability increases the risk of inefficient or failed token swaps due to potential sandwich attack. This may result in financial losses and negatively impact the reliability of the contract's token swapping functionality.
No response
Allow users to specify minimum amount of tokens and deadline.