The Standard

Summary

UniswapV3 features singlehop and multihop swaps, where using less liquid pools in singlehop swaps can lead to significant user collateral loss, whereas insufficient liquidity prevents swaps altogether.

Vulnerability Details

UniswapV3 have 2 different swap routes. One is singlehop swap the other is multihop swap. Multihop swap is exist in order to make the route optimal such that more liquid pools will be used and price change won't be dramatic because of illiquid pools.
The problem is protocol use single hop swap and also uses tokens that pools are not liquid enough, hence if there is enough liquidity in uniswap pools such that swap can happen, but not enough liquidity that swap can happen optimally, users will lose significant amount of collateral. If there is not enough liquidity, swap won't happen in the first place.

For example let's check the LINK/WBTC UniswapV3 pool in Arbitrum:
Pool address is: 0xa79fD76cA2b24631Ec3151f10c0660a30Bc946E7
And pool currently have 300 dollars worth of LINK and 70 dollars worth of WBTC. Considering these two tokens are within the scope of the contest (they are main collateral tokens that are accepted). Any swap between these two will encounter the issues that I specified above.

Impact

Pools within specified tokens in contest are not liquid enough, hence this will occur very often hence this is a high likelihood. Impact is also high because either swap won't be possible (low impact), or users will lose most of their funds (high impact). Hence I consider this as a high severity vulnerability.

Tools Used

Manual Review

Recommendations

If protocol uses multihop swap, router will start to use path:
LINK -> USDC -> WBTC
which consists of very liquid pools, and hence problem will be solved.

Hence implement multihop swaps : https://docs.uniswap.org/contracts/v3/guides/swaps/multihop-swaps