20,000 USDC
Submission Details
Severity: high
Valid

Lack of Approval to UniswapV3Router in fees.sol

Summary

Beedle's fees.sol contract collects fees in ERC20 tokens and sells them for WETH through the Uniswap V3 router, but it never approves the router to spend those tokens.
The router pulls the input token with transferFrom() during the swap, so without an allowance the swap reverts and the fees cannot be converted to WETH.
fees.sol should approve the router for the input token before calling exactInputSingle().

Vulnerability Details

Beedle collects fees in various ERC20 tokens in the fees.sol contract and later sells them for WETH on Uniswap V3 through sellProfits().

sellProfits() calls exactInputSingle() on the Uniswap V3 SwapRouter, which swaps the fee token against the matching Uniswap pool.

Uniswap V3 pools do not take the input token up front. The pool first sends the output token to the recipient, then calls uniswapV3SwapCallback() on its caller, which must pay the input amount into the pool before the callback returns. When the swap goes through the router, the router is the pool's caller, so the callback lands on the router, and the router pays the pool by pulling the input tokens from the original payer (fees.sol) with transferFrom(). transferFrom() only succeeds if the payer has approved the router for at least that amount in advance.

So for the swap to work, fees.sol has to approve the router to spend the input tokens on its behalf before calling exactInputSingle().

fees.sol never grants that approval, so the router's transferFrom() reverts and every call to sellProfits() fails.

Impact

Fees collected in any token other than WETH cannot be converted: every call to sellProfits() reverts on the router's transferFrom(), so those balances remain stuck in fees.sol.

Tools Used

Manual Review

Recommendations

Approve the router for the input token, for the exact amount being sold, before calling exactInputSingle():

+++ IERC20(_profits).approve(address(swapRouter), amount);
amount = swapRouter.exactInputSingle(params);

Note that some tokens (USDT is the usual example) revert when approve() changes a non-zero allowance to another non-zero value, and others return no bool, so a plain approve() can itself revert or be silently ignored for such tokens. Using OpenZeppelin's SafeERC20 (safeIncreaseAllowance() or forceApprove()) covers both cases.
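The corrected flow described in the Vulnerability Details and Recommendations sections, as an added example that is not Beedle's code: a fees contract that grants the router an exact-amount allowance before the swap, which is what the router's transferFrom() inside uniswapV3SwapCallback() needs. It assumes OpenZeppelin's SafeERC20 (4.9 or later, for forceApprove) and the ISwapRouter interface from Uniswap's v3-periphery; the constructor arguments, the poolFee value and the minWethOut parameter are assumptions added here and are not part of the original contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Beedle's code. Assumptions: OpenZeppelin >= 4.9
// (SafeERC20.forceApprove), the ISwapRouter interface from
// @uniswap/v3-periphery, and hypothetical constructor arguments for
// WETH, the router and the pool fee tier.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {ISwapRouter} from "@uniswap/v3-periphery/contracts/interfaces/ISwapRouter.sol";

contract FeesWithApproval {
    using SafeERC20 for IERC20;

    address public immutable WETH;
    ISwapRouter public immutable swapRouter;
    uint24 public immutable poolFee; // assumption: e.g. 3000 for the 0.3% tier

    event ProfitsSold(address indexed token, uint256 amountIn, uint256 wethOut);

    constructor(address _weth, address _swapRouter, uint24 _poolFee) {
        WETH = _weth;
        swapRouter = ISwapRouter(_swapRouter);
        poolFee = _poolFee;
    }

    /// @notice Sell the whole balance of `_profits` held here for WETH.
    /// @param minWethOut caller-supplied slippage floor (assumption: the
    ///        original takes no such parameter; 0 accepts any price).
    function sellProfits(address _profits, uint256 minWethOut)
        external
        returns (uint256 wethOut)
    {
        require(_profits != WETH, "already WETH");
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        require(amount > 0, "nothing to sell");

        // The router pays the pool inside uniswapV3SwapCallback() by calling
        // transferFrom(address(this), pool, amount), so the allowance must be
        // in place before exactInputSingle(). forceApprove() tolerates tokens
        // that return no bool and falls back to a reset to 0 for tokens like
        // USDT that reject non-zero -> non-zero approvals.
        IERC20(_profits).forceApprove(address(swapRouter), amount);

        ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
            .ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: poolFee,
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: minWethOut,
                sqrtPriceLimitX96: 0
            });

        wethOut = swapRouter.exactInputSingle(params);

        // An exact-input swap pulls the full amountIn, so nothing should be
        // left, but clear the allowance anyway so no standing approval stays
        // on the router.
        IERC20(_profits).forceApprove(address(swapRouter), 0);

        emit ProfitsSold(_profits, amount, wethOut);
    }
}
```

Approving exactly `amount` rather than type(uint256).max keeps the router's spending power limited to the one swap, and clearing it afterwards means a later compromise of the router address cannot drain fees that accumulate between calls.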
