The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Valid

Hardcoded swap fee can lead to unnecessarily high slippage

Summary

The protocol hardcodes the swap fee for Uniswap pools to 3000. The pool at this fee tier might not have a ton of liquidity, which can lead to unnecessary slippage losses for the user.

Vulnerability Details

The protocol implements a swap function that allows users to swap between different collateral tokens by routing them through Uniswap V3 pools. The issue is that when setting up the swap arguments, the protocol hardcodes the fee tier to 3000, which might not be the best pool to route the swap through.

    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
        tokenIn: inToken,
        tokenOut: getSwapAddressFor(_outToken),
        fee: 3000, // hardcoded 0.3% fee tier: every swap is routed through this one pool
        recipient: address(this),
        deadline: block.timestamp,
        amountIn: _amount - swapFee,
        amountOutMinimum: minimumAmountOut,
        sqrtPriceLimitX96: 0
    });

This can lead to users swapping via pools that have low liquidity and are more prone to price manipulation and sandwich attacks. The protocol should instead allow the user to specify the fee tier they want to use for the swap.

Impact

Users can end up swapping via pools that have low liquidity and are prone to price manipulation and sandwich attacks.

Tools Used

Manual Review

Recommendations

Allow users to specify the fee tier they want to use for the swap.
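
One way to apply this recommendation, shown as an added example that is not code from the submission or from the protocol: the fee tier becomes a caller-supplied argument and is checked against the Uniswap V3 factory before the swap. The contract name `FeeTierSwapExample`, the function signature, the custom errors and the owner check are assumptions made for illustration; the protocol's own fee deduction is left out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
// Minimal interfaces declared inline so the example compiles on its own.
interface IUniswapV3Factory {
    function getPool(address a, address b, uint24 fee) external view returns (address);
}
interface IERC20Minimal {
    function approve(address spender, uint256 amount) external returns (bool);
}
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn; address tokenOut; uint24 fee; address recipient;
        uint256 deadline; uint256 amountIn; uint256 amountOutMinimum; uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata p) external payable returns (uint256);
}
// Hypothetical vault fragment; contract, function and parameter names are assumptions.
contract FeeTierSwapExample {
    address public immutable owner;
    ISwapRouter public immutable router;
    IUniswapV3Factory public immutable factory;
    error NotOwner();
    error NoPoolForFeeTier(address tokenIn, address tokenOut, uint24 fee);

    constructor(ISwapRouter _router, IUniswapV3Factory _factory) {
        owner = msg.sender; router = _router; factory = _factory;
    }

    // poolFee is chosen by the caller (e.g. 100, 500, 3000, 10000) instead of fixed at 3000.
    function swap(address tokenIn, address tokenOut, uint24 poolFee,
                  uint256 amountIn, uint256 minOut, uint256 deadline) external returns (uint256) {
        if (msg.sender != owner) revert NotOwner();
        // Fail early and clearly when no pool is deployed for this pair at the requested tier.
        if (factory.getPool(tokenIn, tokenOut, poolFee) == address(0))
            revert NoPoolForFeeTier(tokenIn, tokenOut, poolFee);
        // Assumes a token whose approve returns bool; protocol fee deduction is omitted here.
        IERC20Minimal(tokenIn).approve(address(router), amountIn);
        return router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn,
            tokenOut: tokenOut,
            fee: poolFee,
            recipient: address(this),
            deadline: deadline,
            amountIn: amountIn,
            amountOutMinimum: minOut,
            sqrtPriceLimitX96: 0
        }));
    }
}
```

The `getPool` check only confirms that a pool exists at the chosen tier, not that it is liquid; `amountOutMinimum` remains the guard against a bad execution price.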

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

fixed-uni-fee

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

hardcoded-fee
