Hardcoding pool fee can result in unnecessary losses for user
Summary
Hardcoding pool fee tier can result in losses for vault users in some situations
Vulnerability Details
Observe the following code
The function swap allows the vault user to swap tokens using uniswap V3. In the swap function, various parameters are set up to initiate the swap. However, the pool fee is hardcoded to 3000 (0.3%) shown here
. In uniswap V3, there are 3 pool tiers (0.05%, 0.3%, or 1%). While there is no restriction on which pool tier one can chose to conduct swaps, 0.3% is not the most cost efficient option for each pool.
See the uniswap Docs here
https://docs.uniswap.org/concepts/protocol/fees
Let's say that the vault user is swapping in a pool of very low volatility (e.g. DAI and USDT), instead of using the cost efficient pool tier of .05% which is best for stablecoin pools, the protocol defaults to .3% which is better for pools with medium volatility. If the amount being swapped is very high, the amount of unnecessary losses could be significant.
I am putting this bug as a med as this is a systemic issue where the overall losses will add up for users
Impact
Users can lose funds in some situations
Tools Used
Manual Review
Recommendations
Allow the owner to set the pool fee tier
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.