20,000 USDC
Submission Details
Severity: medium
Valid

Forced Use of a Single Router for Token Swaps in `sellProfits` Function

Summary

The `sellProfits` function in the `Fees` contract forces all token swaps through a single Uniswap v3 router. This design limitation could lead to liquidity issues, resulting in forced losses for users when swapping less popular or newly listed tokens.

Vulnerability Details

The vulnerability lies in the hardcoded use of a single Uniswap v3 router (`swapRouter`) in the `sellProfits` function:

```solidity
ISwapRouter public constant swapRouter = ISwapRouter(0xE592427A0AEce92De3Edee1F18E0157C05861564);
```

This line declares `swapRouter` as a constant, so it cannot be changed or updated once the contract is deployed. Users of this contract are forced to use this specific router for all token swaps, even if it lacks sufficient liquidity for certain tokens. As a result, users may experience high slippage and forced losses when swapping less popular or recently listed tokens.

Impact

The forced usage of a single Uniswap v3 router can lead to liquidity constraints for certain tokens, causing significant slippage during token swaps. Users may end up receiving fewer tokens than expected, resulting in potential financial losses.

Tools Used

Manual

Recommendations

Allow users to use an aggregator such as ParaSwap, or multiple routers, instead of a single Uniswap v3 router.
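
One way to implement the multiple-router option, as an added sketch that is not the audited contract's code: an owner-managed allowlist of routers exposing the Uniswap v3 `exactInputSingle` interface, with the caller supplying the router, a deadline and a minimum output (the last two go slightly beyond the recommendation, to bound the slippage described under Impact). The contract name, `setRouter`, and this `sellProfits` signature and its owner-only restriction are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal local copies of the two interfaces used, so the sketch is self-contained.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata params) external payable returns (uint256 amountOut);
}
interface IERC20 { function approve(address spender, uint256 amount) external returns (bool); }

// Hypothetical contract: names, signatures and access control are assumptions of this example.
contract FeesRouterSketch {
    address public immutable owner;
    mapping(address => bool) public allowedRouter; // venues vetted by the owner

    constructor(address initialRouter) {
        owner = msg.sender;
        allowedRouter[initialRouter] = true;
    }

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }

    // Add or remove a router; only ISwapRouter-compatible deployments fit this sketch.
    function setRouter(address router, bool allowed) external onlyOwner {
        allowedRouter[router] = allowed;
    }

    // Restricted to the owner here because the caller chooses the venue and the slippage bound.
    function sellProfits(address router, address tokenIn, address tokenOut, uint24 fee,
                         uint256 amountIn, uint256 minOut, uint256 deadline)
        external onlyOwner returns (uint256 amountOut)
    {
        require(allowedRouter[router], "router not allowed");
        require(minOut > 0, "minOut required");
        // Assumes a standard ERC-20 whose approve returns bool.
        require(IERC20(tokenIn).approve(router, amountIn), "approve failed");
        amountOut = ISwapRouter(router).exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: tokenIn, tokenOut: tokenOut, fee: fee, recipient: address(this),
                deadline: deadline, amountIn: amountIn,
                amountOutMinimum: minOut, sqrtPriceLimitX96: 0
            })
        );
    }
}
```

An aggregator such as ParaSwap exposes a different call interface, so supporting one would need its own adapter rather than this allowlist alone.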
