Token pairs that do not have UniswapV3 pools are open to frontrun deploy attacks.
Some token pairs do not have the UniswapV3 pools needed for swapping. For example, PAXG is one of the main collaterals in the protocol, but on Arbitrum there is no PAXG-WBTC UniswapV3 pool (more pools are missing; this is just one example). Hence an attacker who sees a swap attempt between PAXG and WBTC in the protocol can deploy a malicious PAXG-WBTC pool with wrong pricing details before the swap happens (frontrun); the swap then occurs in the malicious pool and users lose funds. Frontrunning is not strictly required: a malicious attacker can deploy these pools whenever they want, but the pools can be arbitraged and normalized if deployed very early.
Leaving the report this small is not something I appreciate, but I believe the problem should become obvious after the paragraph above.
Users' funds will be lost, hence high impact. It will happen only for some pairs, hence medium likelihood. I believe this should be a medium severity vulnerability.
Manual Review
Do not accept tokens that don't have pools on Uniswap (the protocol admin can check this beforehand), or deploy the pairs with sufficient liquidity (which requires funding).
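One way to implement the admin-side check recommended above, as an added example that is not the protocol's own code. The contract name `CollateralPoolGuard`, the `minLiquidity` threshold and the list of fee tiers are assumptions; `getPool` and `liquidity` are the standard Uniswap V3 core view functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal views of the Uniswap V3 core interfaces used by the check.
interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address pool);
}

interface IUniswapV3Pool {
    function liquidity() external view returns (uint128);
}

/// Hypothetical guard: a collateral token is accepted only if it already has
/// a sufficiently liquid pool against every token it may be swapped with.
contract CollateralPoolGuard {
    IUniswapV3Factory public immutable factory;
    uint128 public immutable minLiquidity; // assumed threshold, chosen by the admin

    constructor(IUniswapV3Factory _factory, uint128 _minLiquidity) {
        factory = _factory;
        minLiquidity = _minLiquidity;
    }

    /// True if some fee tier has a deployed pool whose in-range liquidity
    /// meets the threshold.
    function hasLiquidPool(address tokenA, address tokenB) public view returns (bool) {
        // Assumed tier list; restrict it to the tier(s) the swap path really uses.
        uint24[4] memory fees = [uint24(100), 500, 3000, 10000];
        for (uint256 i = 0; i < fees.length; i++) {
            address pool = factory.getPool(tokenA, tokenB, fees[i]);
            // getPool returns address(0) when no pool exists for this tier.
            if (pool != address(0) && IUniswapV3Pool(pool).liquidity() >= minLiquidity) {
                return true;
            }
        }
        return false;
    }

    /// Reverts unless `candidate` has a liquid pool against every existing collateral.
    function requireSwappable(address candidate, address[] calldata existing) external view {
        for (uint256 i = 0; i < existing.length; i++) {
            require(hasLiquidPool(candidate, existing[i]), "missing or illiquid pool");
        }
    }
}
```

`liquidity()` reports only the liquidity active at the pool's current tick, so the threshold should be set per pair and the check run against the same fee tier the protocol's swap will use.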