Submission Details
Severity:
use Variable fee instead of fixed fee in sellProfits function
Summary
in the sellProfits function in Fees.soll fee:3000 is hard-coded, it's better to make it Variable, so the user can decide which fee to use.
Vulnerability Details
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
.ExactInputSingleParams({
tokenIn: _profits,
tokenOut: WETH,
fee: 3000,
recipient: address(this),
deadline: block.timestamp,
amountIn: amount_in,
amountOutMinimum: 0,
sqrtPriceLimitX96: 0
Impact
users are forced to use a fee:3000
Tools Used
manual review
Recommendations
- function sellProfits(address _profits) public {
+ function sellProfits(address _profits, uint24 _fee) public {
require(_profits != WETH, "not allowed");
uint256 amount = IERC20(_profits).balanceOf(address(this));
contract Fees {
.ExactInputSingleParams({
tokenIn: _profits,
tokenOut: WETH,
- fee: 3000,
+ fee: _fee,
Prize pool breakdown
Total prize
20,000 USDC
nSLOC
70628 USDC / LOC
18,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.