Submission Details
Severity: medium
Valid

Uniswap pools can have 3 different pool fees, using a fixed 3000 is incorrect

Summary

Uniswap pools can have 3 different pool fees (500 WEI, 3000 WEI, 10000 WEI). The fee passed to the router must be the fee of the pool being used, but it is hardcoded in the code. If the fee of the pool to be used is not 3000, the transaction cannot be made.

Vulnerability Details

    /// @param _profits the token to swap for WETH
    function sellProfits(address _profits) public {
        require(_profits != WETH, "not allowed");
        uint256 amount = IERC20(_profits).balanceOf(address(this));

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000, //@audit-issue
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: 0,
                sqrtPriceLimitX96: 0
            });

        amount = swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }

Impact

Tools Used

Manual Code Review

Recommendations

The function should be designed so that the fee parameter is selected by the user.
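
One way to implement this recommendation, as an added example that is not the audited project's code: the caller supplies the fee tier and the contract confirms through the Uniswap V3 factory that a pool exists for that pair and fee before swapping. The contract name `FeeAwareSeller`, the `factory` reference and the constructor are assumptions; router approval is assumed to be handled elsewhere, and the swap parameters other than `fee` are left as in the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address pool);
}

interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256 amountOut);
}

// Hypothetical contract: only sellProfits mirrors the function shown on the page.
contract FeeAwareSeller {
    address public immutable WETH;
    address public immutable staking;
    ISwapRouter public immutable swapRouter;
    IUniswapV3Factory public immutable factory; // assumption: not present in the original

    constructor(address _weth, address _staking, ISwapRouter _router, IUniswapV3Factory _factory) {
        WETH = _weth; staking = _staking; swapRouter = _router; factory = _factory;
    }

    /// @param _profits the token to swap for WETH
    /// @param _fee fee tier of the _profits/WETH pool to route through
    function sellProfits(address _profits, uint24 _fee) public {
        require(_profits != WETH, "not allowed");
        // Fail early with a clear reason when no pool is deployed for this pair and fee tier.
        require(factory.getPool(_profits, WETH, _fee) != address(0), "no pool for fee");
        uint256 amount = IERC20(_profits).balanceOf(address(this));

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits, tokenOut: WETH, fee: _fee, recipient: address(this),
            deadline: block.timestamp, amountIn: amount,
            amountOutMinimum: 0, sqrtPriceLimitX96: 0 // unchanged from the page's snippet
        });

        swapRouter.exactInputSingle(params);
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
```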
