Swap Router Address of UniswapV3 is Not Same in All Chains
Summary
Sponsor in discord mentioned that protocol can be deployed on other chains too. Since SwapRouter address is hardcoded in Fees.sol, swaps won't be available in all chains hence Fee's can stuck in.
Vulnerability Details
SwapRouter address in Fees.sol is hardcoded and declared as constant. Hence it is not possible to change this address after deployment. Sponsor mentioned that protocol can be deployed on any chain. Since SwapRouter addresses are not same on all chains as mentioned as UniSwap docs:
Integrators should no longer assume that they are deployed to the same addresses across chains and be extremely careful to confirm mappings below.
If protocol deploys the contracts in chains that have different SwapRouter addresses such as Celo,BNB or Base; Swaps won't work because either these chains don't have SwapRouter contracts (BNB and Base) or they have but at different address (Celo).
Impact
Since only way to get funds out from Fees.sol contract is via swaps, funds will get stuck at contract and protocol will lose funds, hence I consider this as high.
Tools Used
Manual Review
Recommendations
Create swapRouter variable as immutable rather than constant and declare it in constructor with correct addresses for deployed chain.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.