The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Valid

SmartVaultV3.swap() won't work if a pool with the hardcoded fee tier doesn't exist

Summary

In the swap() function the fee tier is hardcoded as fee: 3000. However, there is no guarantee that a pool with that fee tier exists for the tokens on the chain where the contract is deployed.

Vulnerability Details

More information about fee tiers can be found here, but I'll quote the important part:

"Medium Risk Pairs: 0.30%. The medium risk are considered any non-related pairs which have a high trading volume/popularity. Popular pairs tend to have a slightly lower risk in volatility.

High Risk Pairs: 1.00%. Any other exotic pairs will be considered high risk for liquidity providers and incur the highest trading fee of 1%."

It is not safe to assume that the trading pair has enough trading volume/popularity to be considered medium risk and will therefore have a 0.30% fee pool.

There is a chance that it will be considered high risk, in which case the fee will be 1% (10000).

Impact

The swap() function won't work.

Tools Used

Manual review

Recommendations

Pass the fee as a parameter or handle the cases in which the pool with 3000 fee does not exist.

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fixed-uni-fee

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

hardcoded-fee
