20,000 USDC
Submission Details
Severity: medium
Valid

Inaccessible fee tokens in case of non-existent Uniswap V3 pools

Summary

ERC-20 fee tokens received by the Fees contract cannot be swapped for WETH when no Uniswap V3 pool exists for them, and therefore cannot be used as staking rewards.

Vulnerability Details

Received ERC-20 fee tokens are swapped for WETH in the sellProfits function of the Fees contract, and the WETH is sent to the staking contract (staking). The swap goes through Uniswap V3, which requires that a pool exists for the given token pair and swap fee. If no such pool exists, the swap fails.

Fees.sellProfits

    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000,
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            });

        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }

Impact

Certain received ERC-20 fee tokens remain inaccessible in the Fees contract and cannot be utilized as staking rewards.

Tools Used

Manual Review

Recommendations

Consider adding admin ownership to the Fees contract and allowing the admin to sweep received fee tokens in case of non-existent Uniswap V3 pools.
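One way to implement this recommendation, as an added sketch that is not the audited project's code: an owner-only sweep that is allowed only when the Uniswap V3 factory reports no pool for the token/WETH pair at the 3000 fee tier used by sellProfits. The contract name FeesSweepSketch, the minimal interfaces, and the owner, factory, hasPool and sweep members are hypothetical; getPool is the Uniswap V3 factory's own view function.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface needed here (hypothetical interface name).
interface IERC20Minimal {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

// Uniswap V3 factory view: returns address(0) when no pool exists for the pair and fee tier.
interface IUniswapV3FactoryMinimal {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address pool);
}

contract FeesSweepSketch {
    address public immutable owner;
    address public immutable WETH;
    IUniswapV3FactoryMinimal public immutable factory;
    uint24 public constant POOL_FEE = 3000; // same fee tier sellProfits hardcodes

    event Swept(address indexed token, address indexed to, uint256 amount);

    constructor(address _weth, address _factory) {
        owner = msg.sender; // assumption: deployer is the admin
        WETH = _weth;
        factory = IUniswapV3FactoryMinimal(_factory);
    }

    // True when sellProfits has a pool to route through for this token.
    function hasPool(address token) public view returns (bool) {
        return factory.getPool(token, WETH, POOL_FEE) != address(0);
    }

    // Owner-only escape hatch, limited to tokens that sellProfits cannot swap.
    function sweep(address token, address to) external {
        require(msg.sender == owner, "not owner");
        require(token != WETH, "not allowed");
        require(to != address(0), "zero recipient");
        require(!hasPool(token), "pool exists, use sellProfits");
        uint256 amount = IERC20Minimal(token).balanceOf(address(this));
        // Low-level call tolerates tokens whose transfer returns no bool.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSelector(IERC20Minimal.transfer.selector, to, amount)
        );
        require(ok && (ret.length == 0 || abi.decode(ret, (bool))), "transfer failed");
        emit Swept(token, to, amount);
    }
}
```

The pool-existence restriction keeps the admin from withdrawing tokens that can still reach stakers through sellProfits. It does not cover a pool that exists but has no liquidity, so a deployment that needs that case handled has to widen the condition and accept more trust in the admin.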
