Submission Details
Severity: medium
Valid

Hardcoded Uniswap Pool Fees in Fees.sol

Summary

Hardcoding the pool fee tier restricts Fees.sol to Uniswap pools with that exact fee, which is a problem whenever no such pool exists for the token pair, or when a cheaper tier is available.

Vulnerability Details

Since Fees.sellProfits() accepts any token address supplied by the user, the token may have no Uniswap pool with the 0.3% fee tier against WETH.
In that case the swap reverts, the user calling sellProfits() cannot convert their tokens to WETH, and the tokens remain stuck in the Fees.sol contract.
Even when a 0.3% pool does exist, the user may lose value on the swap because they are forced through the 0.3% pool when a 0.05% or 0.01% pool for the same pair is available.

Impact

User funds stuck in the contract, or an unfavorable swap routed through the wrong pool.

Tools Used

Manual Review

Recommendations

Don't hardcode the fees as recommended by Uniswap docs: "In production, you would likely use an input parameter for this, allowing you to change the pools and tokens you are interacting with on a per transaction basis."
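The following contrast is an added illustration, not code from the audited Fees.sol: the first contract reconstructs the hardcoded-fee pattern the finding describes, the second applies the recommendation by taking the fee tier from the caller and refusing to swap when the Uniswap V3 factory reports no pool for that tier. Contract names, the `factory`/`router`/`weth` fields, the `NoPoolForFeeTier` error and the `minWethOut` parameter are assumptions made for this example; the `ISwapRouter` and `IUniswapV3Factory` signatures match the public Uniswap V3 periphery and core interfaces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subsets of the Uniswap V3 interfaces (same signatures as v3-periphery / v3-core).
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256 amountOut);
}

interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address pool);
}

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function approve(address spender, uint256 amount) external returns (bool);
}

/// BEFORE (illustrative reconstruction of the finding): the 0.3% tier is baked in.
/// Any token without a 0.3% pool against WETH makes exactInputSingle revert,
/// so the token balance stays locked in this contract.
contract FeesHardcoded {
    ISwapRouter public immutable router;
    address public immutable weth;
    uint24 public constant POOL_FEE = 3000; // 0.3%, the only tier this contract can ever use

    constructor(ISwapRouter _router, address _weth) {
        router = _router;
        weth = _weth;
    }

    function sellProfits(address token) external {
        uint256 amount = IERC20(token).balanceOf(address(this));
        IERC20(token).approve(address(router), amount);
        router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: token,
            tokenOut: weth,
            fee: POOL_FEE,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: 0,
            sqrtPriceLimitX96: 0
        }));
    }
}

/// AFTER (assumed hardened form): the caller picks the fee tier per transaction, as the
/// Uniswap docs recommend, and the factory is consulted so a missing pool fails with a
/// clear error instead of an opaque revert deep inside the router.
contract FeesParameterized {
    ISwapRouter public immutable router;
    IUniswapV3Factory public immutable factory;
    address public immutable weth;

    error NoPoolForFeeTier(address token, uint24 fee); // assumed error name

    constructor(ISwapRouter _router, IUniswapV3Factory _factory, address _weth) {
        router = _router;
        factory = _factory;
        weth = _weth;
    }

    /// @param fee        Uniswap V3 tier in hundredths of a bip: 100, 500, 3000 or 10000.
    /// @param minWethOut Slippage floor; an unsupported tier or absent pool is rejected before approving.
    function sellProfits(address token, uint24 fee, uint256 minWethOut) external returns (uint256 amountOut) {
        // getPool returns address(0) both for an unsupported tier and for a pair that was never created.
        if (factory.getPool(token, weth, fee) == address(0)) revert NoPoolForFeeTier(token, fee);

        uint256 amount = IERC20(token).balanceOf(address(this));
        IERC20(token).approve(address(router), amount);
        amountOut = router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: token,
            tokenOut: weth,
            fee: fee,
            recipient: address(this),
            deadline: block.timestamp,
            amountIn: amount,
            amountOutMinimum: minWethOut,
            sqrtPriceLimitX96: 0
        }));
    }
}
```

The factory check is cheap (one view call) and turns the "tokens stuck" failure mode into a revert with a descriptive reason before any approval is granted; the per-call `fee` also lets a caller route through a 0.05% or 0.01% pool when one exists, which is the value-loss case the finding describes. Access control on `sellProfits` is outside what the finding states and is left as in the original contract.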
