Beedle - Oracle free perpetual lending

BeedleFi

DeFiFoundry

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Hardcoding Uniswap's Fee may not result in the best rates when swapping tokens to WETH.

peanuts

Summary

Fixing the fee at 3000 in Fees.sol means interacting with pools that have 0.3% fee. Some pools may not have as much liquidity as compared to the 0.05% or the 0.01% pool, and thus any trades in the less optimal pool may result in unnecessary loss due to slippage / price impact. Some ETH pairs also do not use the 0.3% pool, so users intending to swap with those pairs will not be able to do so.

Vulnerability Details

In Fees.sol, users can use the sellProfits() function to swap any token to WETH. However, the fee is hardcoded to be 3000, which means 0.3%. This means that only pools that has a 0.3% fee can be used.

function sellProfits(address _profits) public {

require(_profits != WETH, "not allowed");

uint256 amount = IERC20(_profits).balanceOf(address(this));

ISwapRouter.ExactInputSingleParams memory params = ISwapRouter

.ExactInputSingleParams({

tokenIn: _profits,

tokenOut: WETH,

fee: 3000,

recipient: address(this),

deadline: block.timestamp,

amountIn: amount,

amountOutMinimum: 0,

sqrtPriceLimitX96: 0

});

Some pools in Uniswap uses 0.05% or even 0.01% fee with the same pair, and these pools may have more liquidity in them. Liquidity is important because according to 1inch blog:

Like price impact, slippage is also highly dependent upon the liquidity in a pool. If the token pair as a low amount of liquidity, it takes smaller collective market movements to cause significant changes to the pool's rate.

For example, the USDC/ETH 0.05% pool has a TVL of 265.77M whereas the USDC/ETH 0.3% pool has a TVL of 35.33M, almost 7 times lesser. A lesser amount in the liquidity pool will affect the optimal rates when swapping tokens.

Furthermore, some pairs are only available in the 0.01% pool, such as wstETH/ETH. So if someone has wstETH and wants to swap for ETH, the sellProfits() function will not work. Another example is the LYRA/ETH pool, which is only available in the 1% pool.

Most notably, the FTM/ETH 1% pool has 1.22M TVL whereas the FTM/ETH 0.3% pool has 30.12k TVL. Engaging in large FTM/ETH swaps using sellProfits() with the 0.3% pool will incur a huge price impact which will result in big, unnecessary loss.

Impact

Engaging solely with the 0.3% ETH pool will firstly limit the user's option to swap any types of tokens with ETH, and secondly affect the return amount if there is low liquidity in the pool.

Tools Used

Manual Review

Recommendations

It is noted that most pools using ETH pair uses the 0.3% fee, but to accommodate to the optimal swapping route every time, recommend making the fee adjustable, eg 100, 500, 3000, or 10,000.

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

706

28 USDC / LOC

High Medium

18,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.