Deadline Explained in Detail
A deadline limits when an action can execute. It is common in permits, swaps, meta-transactions, and account abstraction operations.
Deadlines reduce relayer optionality and protect users from stale execution.
Smart contract example
require(block.timestamp <= deadline, "expired");
The expected comparison should match the standard or protocol design.
Deadline in Auditing
Without a deadline, an old signature or trade may remain usable indefinitely. That increases replay risk and lets relayers wait for a better moment to execute.
Auditors verify that the deadline is included in signed data and enforced before sensitive effects.
Red flags in code
-
No deadline for a time-sensitive signed action.
-
Deadline is not included in the signed digest.
-
Expired actions are accepted.
-
0ortype(uint256).maxis accepted without clear intent. -
Deadline is checked after external effects.
How to test or review it
-
Execute at
deadline - 1, exactlydeadline, anddeadline + 1. -
Replay an old signature.
-
Verify the signed payload includes deadline, nonce, chain, and verifying contract.
-
Check batched and relayed paths enforce the same expiry.
-
Review whether block timestamp is acceptable for the use case.
Keep learning this topic
ERC20 Permit
ERC20 permit lets a token owner approve an ERC20 allowance with a signature instead of sending an on-chain approve transaction.
Slippage Tolerance
Slippage tolerance is the maximum execution difference a user accepts between an expected quote and the actual on-chain result.
Replay Attack
A replay attack reuses a valid transaction, signature, message, or proof in a context where it should only be valid once.
Practice this in real audit scenarios
Definitions help, but auditors need reps. SCH turns concepts like Deadline into exploit labs, code review habits, and report-writing practice.
Start the free trial or see the full smart contract auditing course.