The Standard

DeFi, Hardhat
20,000 USDC
Submission Details
Severity: medium
Valid

Pool fee is hardcoded which will lead to significant losses compared to optimal routing

Summary

SmartVaultV3 utilizes a hard-coded pool fee of 3000 for the execution of exchange operations.

Vulnerability Details

SmartVaultV3 utilizes a hard-coded pool fee of 3000 for the execution of exchange operations.
There are several problems with hardcoding 3000 as the fee:
1. Not all tokens have 3000 fee pools.
2. The 3000 fee pool is not the optimal one for executing the swap because of its low volume.
Especially since the protocol is being deployed on so many EVM chains, this will be a big problem in pretty much every transaction there.

function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {
    uint256 swapFee = _amount * ISmartVaultManagerV3(manager).swapFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
    address inToken = getSwapAddressFor(_inToken);
    uint256 minimumAmountOut = calculateMinimumAmountOut(_inToken, _outToken, _amount);
    ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
        tokenIn: inToken,
        tokenOut: getSwapAddressFor(_outToken),
        fee: 3000, // hard-coded fee tier (3000 = 0.3%), used for every token pair
        recipient: address(this),
        deadline: block.timestamp,
        amountIn: _amount - swapFee,
        amountOutMinimum: minimumAmountOut,
        sqrtPriceLimitX96: 0
    });
    // ...
}

Impact

Swapping through pools with low liquidity increases the risk of the exchange operations.

Tools Used

VS Code

Recommendations

Consider accepting the fee as an input, and consider not picking low-TVL pools with no transactions at all.
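
One way to apply this recommendation, as an added example (not code from the finding or from The Standard): the library name FeeTierCheck, its functions and errors are hypothetical, and the two interfaces are minimal views of Uniswap V3 core's getPool and liquidity functions. The factory address is assumed to be supplied per chain.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal views of Uniswap V3 core: only the two functions used here.
interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address pool);
}

interface IUniswapV3Pool {
    function liquidity() external view returns (uint128);
}

// Hypothetical helper (not part of SmartVaultV3).
library FeeTierCheck {
    error PoolNotDeployed(uint24 fee);
    error PoolHasNoLiquidity(uint24 fee);
    error NoUsablePool();

    // Validate a caller-supplied fee tier: the pool must exist and have
    // in-range liquidity at the current price.
    function requireUsablePool(IUniswapV3Factory factory, address tokenIn, address tokenOut, uint24 fee)
        internal view returns (address pool)
    {
        pool = factory.getPool(tokenIn, tokenOut, fee);
        if (pool == address(0)) revert PoolNotDeployed(fee);
        if (IUniswapV3Pool(pool).liquidity() == 0) revert PoolHasNoLiquidity(fee);
    }

    // Among candidate tiers (e.g. 100, 500, 3000, 10000), return the one whose
    // pool currently has the most in-range liquidity; revert if none is usable.
    function deepestFee(IUniswapV3Factory factory, address tokenIn, address tokenOut, uint24[] memory candidates)
        internal view returns (uint24 best)
    {
        uint128 bestLiquidity = 0;
        for (uint256 i = 0; i < candidates.length; i++) {
            address pool = factory.getPool(tokenIn, tokenOut, candidates[i]);
            if (pool == address(0)) continue; // tier not deployed for this pair
            uint128 current = IUniswapV3Pool(pool).liquidity();
            if (current > bestLiquidity) {
                bestLiquidity = current;
                best = candidates[i];
            }
        }
        if (bestLiquidity == 0) revert NoUsablePool();
    }
}
```

With this in place, swap() would take a uint24 fee argument, call requireUsablePool before building the params, and pass that value instead of 3000. In-range liquidity is a spot reading that can change between blocks, so amountOutMinimum remains the actual bound on execution price.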

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fixed-uni-fee

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

hardcoded-fee
