Hardcoded fee of 3000 (0.3 %)
https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L34
will cause a swap failure for tokens that don't have a 0.3 % fee pool.
Another issue is a swap at a bad rate, because the 0.3 % fee pool might have poor liquidity even when it exists.
POC
https://gist.github.com/justefg/16c9d6125c45bb320fa152273015bccd
testUOSSwapCorrectFee and testUOSSwapInCorrectFee prove that not all coins have 0.3 % fee pools. In the test I used UOS, which is ranked 328th on coinmarketcap. I'm sure there are a lot more examples.
testUniswapFees shows that some pools have poor liquidity. In this example it's the 0.01 % USDC / WETH pool: swapping tokens there would result in only 0.61 ETH received, compared to 0.998 and 0.999 ETH from the 0.3 % and 0.05 % pools respectively.
Mitigation steps:
Add the fee tier as a parameter along with minAmountOut
Add access control so only trusted parties can trigger it
Use an aggregator like 1inch to find optimal routes, or use Uniswap's smart order router:
https://github.com/Uniswap/smart-order-router
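The first two mitigation steps, written out as an added illustrative sketch (not the project's Fees.sol and not Uniswap's code): the interface fragments are trimmed copies of the Uniswap V3 router/factory members used here, the addresses are deploy-time parameters, and the names FeesHardened and owner are assumptions for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Trimmed interface fragments (only the Uniswap V3 / ERC-20 members this sketch uses).
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata p) external payable returns (uint256);
}
interface IUniswapV3Factory { function getPool(address, address, uint24) external view returns (address); }
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function approve(address, uint256) external returns (bool);
    function transfer(address, uint256) external returns (bool);
}

contract FeesHardened {
    address public immutable WETH;            // deploy-time parameter, not a hardcoded constant
    address public immutable staking;
    address public immutable owner;           // the only party allowed to trigger sellProfits
    ISwapRouter public immutable router;
    IUniswapV3Factory public immutable factory;

    constructor(address _weth, address _staking, address _router, address _factory) {
        WETH = _weth; staking = _staking; owner = msg.sender;
        router = ISwapRouter(_router); factory = IUniswapV3Factory(_factory);
    }

    // Vulnerable shape, for comparison: sellProfits(address) with fee: 3000 and
    // amountOutMinimum: 0 baked in. A token with no 0.3 % pool reverts, and a thin
    // 0.3 % pool fills at a bad rate with no floor on the output.
    // Hardened: the trusted caller picks the tier and a minimum output, and the tier
    // is checked against the factory so a missing pool fails with a clear reason.
    function sellProfits(address _profits, uint24 _fee, uint256 _minAmountOut) external {
        require(msg.sender == owner, "not authorized");
        require(_profits != WETH, "not allowed");
        require(_minAmountOut > 0, "minAmountOut must be set");
        require(factory.getPool(_profits, WETH, _fee) != address(0), "no pool for fee tier");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        IERC20(_profits).approve(address(router), amount);
        // The router itself reverts if the output is below amountOutMinimum.
        router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: _profits, tokenOut: WETH, fee: _fee, recipient: address(this),
            deadline: block.timestamp, amountIn: amount,
            amountOutMinimum: _minAmountOut, sqrtPriceLimitX96: 0
        }));
        IERC20(WETH).transfer(staking, IERC20(WETH).balanceOf(address(this)));
    }
}
```

The caller is expected to compute _minAmountOut off-chain (for example from a quote) before sending the transaction; a deadline parameter could be added in the same way.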