20,000 USDC
Submission Details
Severity: medium
Valid

Fees are hardcoded to 3000 in ExactInputSingleParams

Summary

The fee is hardcoded to 3000 in ExactInputSingleParams. This is problematic because users may pay higher fees when pools with lower fees are available.

Vulnerability Details

As stated in the summary, some pools have fees lower than 0.3%. For example, the WETH/USDC pair on Optimism has a pool with a 0.05% fee. In such cases, hardcoding the fee to 3000 in the ExactInputSingleParams struct results in users paying more in fees. Pools with lower fees may also have more liquidity and therefore provide more efficient swaps, especially for common pairs (on Optimism, the WETH/USDC pool with a 0.05% fee has more liquidity than the one with a 0.3% fee). Hence the swap is not efficient when the fee is hardcoded in this manner.

A similar case was judged as a medium

Impact

Inefficient swaps would be executed.

Tools Used

Manual review.

Recommendations

It is recommended that the function take the fee as an input, allowing users to set it themselves.
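One way to apply this recommendation, as an added sketch that is not the audited project's code: the contract name `SwapExample`, the `swap` signature and the factory lookup are assumptions, while the `ExactInputSingleParams` fields and `getPool` follow the Uniswap V3 interfaces. The caller passes the fee tier (for example 500 for 0.05%) instead of the hardcoded 3000, and tiers with no deployed pool are rejected.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interfaces declared inline so the example compiles on its own.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}
interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address);
}
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut;
        uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn;
        uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256);
}

// Hypothetical wrapper; names are assumptions, not the audited contract.
contract SwapExample {
    ISwapRouter public immutable router;
    IUniswapV3Factory public immutable factory;

    constructor(ISwapRouter _router, IUniswapV3Factory _factory) {
        router = _router;
        factory = _factory;
    }

    // `fee` is in hundredths of a basis point: 500 = 0.05%, 3000 = 0.3%.
    function swap(address tokenIn, address tokenOut, uint24 fee,
                  uint256 amountIn, uint256 minOut, uint256 deadline)
        external returns (uint256 amountOut)
    {
        // Reject fee tiers that have no deployed pool for this pair.
        require(factory.getPool(tokenIn, tokenOut, fee) != address(0), "no pool for fee tier");
        require(IERC20(tokenIn).transferFrom(msg.sender, address(this), amountIn), "transferFrom failed");
        require(IERC20(tokenIn).approve(address(router), amountIn), "approve failed");
        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn, tokenOut: tokenOut,
            fee: fee, // caller-chosen instead of a hardcoded 3000
            recipient: msg.sender, deadline: deadline, amountIn: amountIn,
            amountOutMinimum: minOut, sqrtPriceLimitX96: 0
        }));
    }
}
```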
