Category: Coding Mistakes
Unbounded timelock allows accidental permanent lock
Informational Impact
Informational Severity
N/A Likelihood
Description
The contract enforces timelock expiry with initiated_at + timelock < now, which is correct. However, timelock itself has no maximum value, so a user could accidentally pass an extremely large number and trap funds indefinitely.
Impact
This is purely a user-experience/safety risk; user error (for example, a typo or a unit mix-up in the timelock value) could create a swap whose funds cannot be refunded until a timelock that is, for practical purposes, never reached.
Recommendations
Apply a sensible upper bound on timelock (e.g., <= 30 days) in safe_params.
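As an added illustration (not Garden Finance's code, and not the fix landed in the referenced commit), the following Rust sketch shows a hypothetical safe_params check that caps timelock at 30 days, next to a refund-eligibility check that keeps the initiated_at + timelock < now comparison the finding describes as correct. The function and error names, the 30-day constant, and the assumption that timestamps and timelocks are i64 seconds are all assumptions for the example; checked_add is a defensive addition so that an oversized timelock fails loudly rather than wrapping or panicking.

```rust
// Added example, not Garden Finance's code. Units are assumed to be
// i64 Unix seconds; names are hypothetical.

#[derive(Debug, PartialEq)]
pub enum SwapError {
    TimelockZero,
    TimelockTooLong { max: i64 },
    TimestampOverflow,
}

/// Assumed upper bound from the recommendation above: 30 days in seconds.
pub const MAX_TIMELOCK: i64 = 30 * 24 * 60 * 60;

/// Hypothetical safe_params check: the timelock must be positive and no
/// longer than MAX_TIMELOCK, so a typo or unit mix-up cannot lock funds
/// for an unreachable number of years.
pub fn safe_params(timelock: i64) -> Result<(), SwapError> {
    if timelock <= 0 {
        return Err(SwapError::TimelockZero);
    }
    if timelock > MAX_TIMELOCK {
        return Err(SwapError::TimelockTooLong { max: MAX_TIMELOCK });
    }
    Ok(())
}

/// Refund is allowed once initiated_at + timelock < now, the check the
/// finding calls correct. checked_add is defensive: without the bound in
/// safe_params, a huge timelock would panic in debug builds or wrap
/// silently in release builds instead of being rejected.
pub fn refund_allowed(initiated_at: i64, timelock: i64, now: i64) -> Result<bool, SwapError> {
    let expiry = initiated_at
        .checked_add(timelock)
        .ok_or(SwapError::TimestampOverflow)?;
    Ok(expiry < now)
}

/// Initiate path: validate once up front so every later lifecycle step can
/// assume a bounded timelock. Returns the computed expiry timestamp.
pub fn initiate(initiated_at: i64, timelock: i64) -> Result<i64, SwapError> {
    safe_params(timelock)?;
    initiated_at
        .checked_add(timelock)
        .ok_or(SwapError::TimestampOverflow)
}

fn main() {
    // Constructed sample values.
    let initiated_at: i64 = 1_700_000_000;
    let sane: i64 = 2 * 60 * 60; // two hours
    let oversized: i64 = 10_000_000_000; // roughly 317 years, e.g. a pasted wrong value

    println!("sane timelock:      {:?}", initiate(initiated_at, sane));
    println!("oversized timelock: {:?}", initiate(initiated_at, oversized));

    // Without the bound, the oversized swap is simply unrefundable for centuries.
    let far_future = initiated_at + 100 * 365 * 24 * 60 * 60; // ~100 years later
    println!(
        "refund after 100 years without bound: {:?}",
        refund_allowed(initiated_at, oversized, far_future)
    );
}
```

The point of splitting the bound into safe_params is that the refund check itself stays unchanged; the fix is purely input validation at initiation time, which is where a user-supplied value can still be rejected with a clear error.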
Remediation
This issue has been acknowledged by Garden Finance, and a fix was implemented in commit 4b9c871f.