The Standard

DeFiHardhat
20,000 USDC
Submission Details
Severity: medium
Valid

Hardcoded swap fee in `SmartVaultV3::swap` can lead to a DoS of the swap functionality

Summary

In the swap functionality, the fee value in the params is hardcoded. This can lead to situations where swaps cannot be processed because the fee sent is too low, since the fees of Uniswap and other AMMs are not fixed and can change depending on pool activity.

Vulnerability Details

When implementing the swap functionality in the smart vault contract, the fee in the swap params is hardcoded, as shown below:

```solidity
...
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
    tokenIn: inToken,
    tokenOut: getSwapAddressFor(_outToken),
    fee: 3000,
    //@audit This hardcoded fee can lead to a situation that the fee is not enough to conduct the swap, leading to inability to proceed
    recipient: address(this),
    deadline: block.timestamp,
    amountIn: _amount - swapFee,
    amountOutMinimum: minimumAmountOut,
    sqrtPriceLimitX96: 0
});
...
```

Impact

Inability of the swap function to conduct operations if the hardcoded fees in the params are not enough to perform the swap.

Tools Used

Manual Review

Recommendations

Most AMMs implement a getter function that provides information about how much in fees a user has to pay to conduct swaps in a particular pool. I think that should be implemented, to get an accurate description of the fee amount that will be required to conduct a successful swap.
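
One way to replace the hardcoded value, as an added example (not code from The Standard or from this submission): in Uniswap V3 the `fee` field of `ExactInputSingleParams` selects which pool tier the router trades against, so a helper can ask the factory which tiers have a deployed pool for the pair and pick the one reporting the most in-range liquidity. The contract name `FeeTierSelector`, the function `bestFeeTier`, the error `NoPoolForPair` and the candidate tier list are assumptions made for illustration; the factory address must be supplied for the target chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal views of the Uniswap V3 core interfaces used below.
interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address pool);
}

interface IUniswapV3Pool {
    function liquidity() external view returns (uint128);
}

/// Added example: hypothetical helper, not part of SmartVaultV3.
contract FeeTierSelector {
    // Assumption: set at deployment to the chain's Uniswap V3 factory.
    IUniswapV3Factory public immutable factory;

    error NoPoolForPair(address tokenIn, address tokenOut);

    constructor(address _factory) {
        factory = IUniswapV3Factory(_factory);
    }

    /// Returns the fee tier whose pool currently reports the most in-range liquidity.
    /// Reverts with a descriptive error when no usable pool exists, instead of
    /// letting the router call fail later with an opaque revert.
    function bestFeeTier(address tokenIn, address tokenOut) public view returns (uint24 best) {
        // Candidate tiers in hundredths of a basis point (3000 = 0.30%).
        uint24[4] memory tiers = [uint24(100), 500, 3000, 10000];
        uint128 bestLiquidity;
        for (uint256 i = 0; i < tiers.length; i++) {
            address pool = factory.getPool(tokenIn, tokenOut, tiers[i]);
            if (pool == address(0)) continue; // no pool deployed at this tier
            uint128 poolLiquidity = IUniswapV3Pool(pool).liquidity();
            if (poolLiquidity > bestLiquidity) {
                bestLiquidity = poolLiquidity;
                best = tiers[i];
            }
        }
        if (bestLiquidity == 0) revert NoPoolForPair(tokenIn, tokenOut);
    }
}
```

The swap would then pass `fee: bestFeeTier(inToken, getSwapAddressFor(_outToken))` in place of `fee: 3000`. The tier only chooses the pool; `amountOutMinimum` remains the slippage guard, because spot liquidity can shift between blocks.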

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fixed-uni-fee

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

hardcoded-fee
