sellProfits funciton may not be usable due to UniswapV3 pools configuration
Summary
Fees contract allow swapping fees generated by the protocol in form of collateral tokens to be swapped to WETH and transfered to Staking contract.
Vulnerability Details
Current sellProfits function calls Uniswap V3 ExactInputSingleParams function with hard-coded fee 3000, which will effectively use Uniswap pool with 0.3% fee.
While 0.3% fee pool are most common for Uniswap, pools might be also created with 0.05% or 1% fees.
It's crucial to use the correct fee value that corresponds to the actual fee tier used in the liquidity pool to get accurate results when using Uniswap's ExactInputSingle function. Incorrect usage can lead to financial losses or undesired outcomes.
Impact
Effectively, if we use current implementation of sellProfits for the token pair were non 0.3% implemented we may get worse price or get transaction reverted.
For example USDC/ETH 0.05% pool has $270 mln liquidity, while 0.3% pool only $2.7 mln. Thus slippage will be much higher within 0.3%
Tools Used
Observation
Recommendations
Allow different fee tier implementation for different assets
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.