Uniswap fee is hardcoded
Summary
Hardcoded value of uniswap pool commission
Vulnerability Details
In SmartVaultV3, fee of uniswap pool is hardcoded - 3000, which reduce significantly the possibilities of swap.
In this project, uses uniswap v3, which use 3 type of pools with different commission.
From uniswap documentation:
https://docs.uniswap.org/concepts/protocol/fees
"Uniswap v3 introduces multiple pools for each token pair, each with a different swapping fee. Liquidity providers may initially create pools at three fee levels: 0.05%, 0.30%, and 1%."
But in vault contract, commission is hardcoded to 0.3%
Due to the fact that the user is limited to a fixed commission amount, he will sometimes not be able to exchange tokens
Impact
Due to the fact that the user is limited to a fixed commission amount, he will sometimes not be able to exchange tokens
Refs to valid issues:
https://github.com/code-423n4/2022-05-sturdy-findings/issues/48
https://solodit.xyz/issues/m-02-uniswap_fee-is-hardcoded-which-will-lead-to-significant-losses-compared-to-optimal-routing-code4rena-sturdy-sturdy-contest-git_
Tools Used
Manual review
Recommendations
Allow the user to choose amount of pool commission
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.