F-2025-0014·missing-deadline-protection

Improper deadline handling across Bera_Module DEX operations

Acknowledgedvaultetfstrategyd2-contracts

TL;DR

Bera_Module's DEX swap functions either hardcode the deadline parameter to type(uint256).max or omit the deadline entirely (OogaBooga), removing one of DeFi's standard protections against stale or held transactions.

Severity

LOW

Impact

LOW

Likelihood

MEDIUM

Method

MManual review

CAT.

Complexity

LOW

Exploitability

LOW

02Section · Description

Description

The Bera module shows improper handling of transaction deadlines in DEX operations.

KodiakV2/V3 operations use type(uint256).max as the deadline:

solidity

function bera_kodiakv2_add(...) {
    kodiakv2.addLiquidity(..., type(uint256).max);
}

function bera_kodiakv2_swap(address token, uint amount, uint amountMin, address[] calldata path)
    external onlyRole(EXECUTOR_ROLE) nonReentrant {
    ...
    kodiakv2.swapExactTokensForTokensSupportingFeeOnTransferTokens(..., type(uint256).max);
}

function bera_kodiakv3_increase(...) {
    kodiakv3.increaseLiquidity(IKodiakV3.IncreaseLiquidityParams({
        ...,
        deadline: type(uint256).max
    }));
}

OogaBooga and KodiakV3 swaps (see finding M-6, bera_kodiakv3_swap broken due to deadline parameter) lack deadline protection entirely:

solidity

function bera_oogabooga_swap(...) {
    oogaBooga.swap(tokenInfo, pathDefinition, executor, referralCode);
}

Using infinite deadlines (or none at all) is a risky practice in DeFi. Transaction deadlines are a crucial protection mechanism that prevents transactions from executing under unexpected market conditions, especially during network congestion or high volatility periods.

03Section · Impact

Impact

While access is restricted to EXECUTOR_ROLE, improper deadline handling could lead to:

Trades executing at unexpected times during network congestion.
No protection against stale transactions in volatile market conditions.
MEV bots could hold transactions and execute them at disadvantageous moments.
No mechanism to invalidate outdated trades.

For OogaBooga specifically, the lack of a deadline parameter in their protocol design leaves users exposed to these risks without any way to protect themselves.

04Section · Recommendation

Recommendation

For Kodiak operations, implement reasonable deadlines:

solidity

uint256 private constant MAX_DEADLINE_WINDOW = 30 minutes;

function bera_kodiakv2_add(...) {
    kodiakv2.addLiquidity(..., block.timestamp + MAX_DEADLINE_WINDOW);
}

For OogaBooga and KodiakV3, consider implementing a wrapper that adds deadline protection:

solidity

function bera_oogabooga_swap(..., uint256 deadline) {
    require(block.timestamp <= deadline, "Expired");
    oogaBooga.swap(...);
}

function bera_kodiakv3_swap(..., uint256 deadline) external onlyRole(EXECUTOR_ROLE) nonReentrant {
    require(block.timestamp <= deadline, "Expired");
    ...
    kodiakv3swap.exactInput(IKodiakV3.ExactInputParams({ ... }));
}

05Section · Resolution

Resolution

D2: Ignored "Improper deadline handling" because we mostly don't care about it on our main chain Arbitrum, although we understand how it's riskier for on Mainnet.

Cyfrin: Acknowledged.