The Standard

DeFiHardhat

20,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Static fee in `swap` function forces user's to pay higher fees.

ke1caM

Summary

swap function implements an UniswapV3 swap which takes fee as one of the paramenters. This value is hardcoded to 3000 meaning 0,3% swap fee for each swap. However there are liquidity pools with deeper liquidity and lower fees, that users could use to lower the cost of swap.

Vulnerability details

function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {

uint256 swapFee = _amount * ISmartVaultManagerV3(manager).swapFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();

address inToken = getSwapAddressFor(_inToken);

uint256 minimumAmountOut = calculateMinimumAmountOut(_inToken, _outToken, _amount);

ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({

tokenIn: inToken,

tokenOut: getSwapAddressFor(_outToken),

fee: 3000,

recipient: address(this),

deadline: block.timestamp,

amountIn: _amount - swapFee,

amountOutMinimum: minimumAmountOut,

sqrtPriceLimitX96: 0

});

inToken == ISmartVaultManagerV3(manager).weth() ?

executeNativeSwapAndFee(params, swapFee) :

executeERC20SwapAndFee(params, swapFee);

}

fee: 3000 is hardcoded in params used to implement a swap.

PoC

Let's look at WETH/WBTC pools on UniswapV3 on Arbitrum One (chain that they protocol will be deployed to)

0x149e36E72726e0BceA5c59d40df2c43F60f5A22D WETH/WBTC pool with 0,30% fee

$3161649,83 in pool (30.12.2023 16:30 GMT+1)

0x2f5e87C9312fa29aed5c179E456625D79015299c WETH/WBTC pool with 0,05% fee

$22058024,46 in pool (30.12.2023 16:30 GMT+1)

Looking at these two pools the second one (0x2f5e87C9312fa29aed5c179E456625D79015299c) provides better environment to swap tokens. Not only it does have a smaller fee but it also has deeper liquidity allowing users for better swap prices.

There could also be pools in the future that do not have 0,3% but have 0,05% or 0,01% fee and due to static fee user will not be able to use them through swap function.

Impact

User could lose money due to static fee. There are pools with lower fees and deeper liquidity, improving user's swap quality and prices.

Tools used

VScode, Manual Review

Recommendations

Allow user to parametrize fee in swap function.

Updates

Lead Judging Commences

hrishibhat Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

fixed-uni-fee

hrishibhat Lead Judge over 1 year ago

Submission Judgement Published

Validated

Assigned finding tags:

hardcoded-fee

Prize pool breakdown

Total prize

20,000 USDC

nSLOC

609

33 USDC / LOC

High Medium

17,500 USDC

Low

2,500 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.