Shambolic Mint Dinosaur
High
In the Market.sol contract the update functions lack a deadline parameter. Attackers can exploit pending transactions during high volatility by executing them at unfavorable times.
The update functions at the following locations lack a deadline parameter:
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L147
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L176
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L213
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L223
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L232
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L247
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L264
https://github.com/sherlock-audit/2025-01-perennial-v2-4-update/blob/main/perennial-v2/packages/core/contracts/Market.sol#L283
Attackers can exploit pending transactions during high volatility by executing them at unfavorable times.
Transactions can be front-run or delayed, leading to sandwich attacks.
Add a deadline parameter to all user-initiated functions and validate block.timestamp <= deadline.
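A sketch of the recommended check, added here as an illustration and not taken from Perennial's Market.sol: a simplified stand-in contract showing an update path without expiry next to one guarded by a deadline. The contract, function, error and state names are all hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only: a simplified stand-in, not Perennial's Market.sol.
/// All names here (DeadlineGuardedMarket, update, positions, DeadlineExpired)
/// are hypothetical.
contract DeadlineGuardedMarket {
    /// Raised when a transaction is included after the signer's cut-off time.
    error DeadlineExpired(uint256 deadline, uint256 currentTime);

    event Updated(address indexed account, int256 amount, uint256 deadline);

    // Hypothetical per-account position delta, standing in for market state.
    mapping(address => int256) public positions;

    /// Reverts unless the block timestamp is still within the deadline.
    modifier beforeDeadline(uint256 deadline) {
        if (block.timestamp > deadline) {
            revert DeadlineExpired(deadline, block.timestamp);
        }
        _;
    }

    /// Before: no expiry, so a transaction left pending can be included
    /// at any later time, whatever the market conditions have become.
    function updateWithoutDeadline(int256 amount) external {
        positions[msg.sender] += amount;
    }

    /// After: the caller commits to a cut-off; late inclusion reverts
    /// before any state is touched.
    function update(int256 amount, uint256 deadline)
        external
        beforeDeadline(deadline)
    {
        positions[msg.sender] += amount;
        emit Updated(msg.sender, amount, deadline);
    }
}
```

The check only helps if the caller chooses a short window from signing time; passing `type(uint256).max` as the deadline is equivalent to having no deadline at all.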