The Standard
The Standard
DeFiHardhat
20,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Having PAXG as an accepted collateral is a downside to protocol as it's supported functionality is massively limited on Arbitrum

bauchibred

Proof of Concept

Whereas having PAXG as a collateral introduces a crazy amount of dynamics being that it's a real world asset and we can all agree that in current circumstances it's the most stable asset among the supported ones, i.e "ETH, WBTC, ARB, LINK and PAXG"

The only reason for this report, is cause this asset's functionality is massively downplayed on the Arbitrum network, what I mean to say is functionalities that are however readily available on the mainnet for PAXG are not available on the Arbitrum L2

To delve into this, take a look at SmartVaultV3.sol#L214-L231

function swap(bytes32 _inToken, bytes32 _outToken, uint256 _amount) external onlyOwner {
uint256 swapFee = _amount * ISmartVaultManagerV3(manager).swapFeeRate() / ISmartVaultManagerV3(manager).HUNDRED_PC();
address inToken = getSwapAddressFor(_inToken);
uint256 minimumAmountOut = calculateMinimumAmountOut(_inToken, _outToken, _amount);
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter.ExactInputSingleParams({
tokenIn: inToken,
tokenOut: getSwapAddressFor(_outToken),
fee: 3000,
recipient: address(this),
deadline: block.timestamp,
amountIn: _amount - swapFee,
amountOutMinimum: minimumAmountOut,
sqrtPriceLimitX96: 0
});
inToken == ISmartVaultManagerV3(manager).weth() ?
executeNativeSwapAndFee(params, swapFee) :
executeERC20SwapAndFee(params, swapFee);
}

As seen, this function is essentially used to swap any tokenIn for any tokenOut case is if either of these tokens is PAXG the whole attempt to swap would revert, this is cause unlike the mainnet where there are pools readily available to make a quote and swap for PAXG, this is not available on the Arbitrum L2, below are two pictures demoing an attempt to these swaps via

For mainnet:

However for the Arbitrum L2 no quotes are available:

To dive a bit deeper into this, from here we can that using the ETH has 3 different pool against USDC, with the two most optimal() being with a fee other than protcols currently hardcoded value of 0.3%, note that this is even a pair of two popular tokens, same case can be made for the WBTC/ETH pair, where it's best pool with ~23 mln TVL is the pool with an attached fee of 0.05% and the pool with a 0.3% also existing but having a TVL of 14% in comparison to the latter now if these are the massive differences for popular tokens the pair of the popular ETH and any other

Impact

There are multiple cases to be made from this, only one has been stated above which is the fact that executeERC20SwapAndFee() would never work for PAXG note that even underlying protocol's implemented swapping function has some hardcoded functionalities to it and even if a pool gets added for PAXG in the future on Arbitrum it might not be with protocol's expected fee

Recommended Mitigation Steps

As hinted by the title of the report, if possible reconsider accepting PAXG as an asset, since support for it is not as available as other assets

Updates

Lead Judging Commences

hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

fixed-uni-fee

bauchibred Submitter
over 1 year ago
hrishibhat Lead Judge
over 1 year ago
hrishibhat Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.