Swaps in the smart vault use a static calculation, based only on the amount of the input token, to determine the fee sent to the vault manager. I believe this to be a bad design because it does not account for the decimals and the real-world price of the assets.
The way the manager fees are calculated in SmartVaultV3::swap() is possibly incorrect.
If we look at the code:
We will see that the fees are calculated based on the swap amount passed. The code doesn't make any checks for the decimal count of the particular token or its price against a stablecoin.
This results in statically calculated fees no matter the input token. Swaps of input tokens like LINK and PAXG, both of which have 18 decimals, would result in the user being charged the same fee, despite the stark difference in the price of both.
Manual Analysis
Base swapFee on the actual value of the token rather than simply taking the swap amount. Use UniswapV3 or Chainlink as an oracle to get ahold of the price. Also make sure to apply necessary decimal corrections.
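One way to express the recommendation, as an added sketch that is not code from this finding or from the SmartVaultV3 project: the input amount is converted to an 18-decimal USD value through a Chainlink feed before the fee rate is applied. The library name `ValueBasedFee`, the constants `MAX_PRICE_AGE` and `HUNDRED_PC`, and the `feeRate` parameter are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Chainlink's price-feed interface (only the two calls used here).
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view returns (
        uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound
    );
}

// Hypothetical helper library; names and constants are assumptions, not project code.
library ValueBasedFee {
    uint256 internal constant MAX_PRICE_AGE = 1 hours; // assumed staleness bound
    uint256 internal constant HUNDRED_PC = 100_000;    // assumed fee-rate denominator

    // USD value of `amount` of a token, scaled to 18 decimals.
    function usdValue(uint256 amount, uint8 tokenDecimals, AggregatorV3Interface feed)
        internal view returns (uint256)
    {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        // Reject zero/negative answers and prices older than the allowed age.
        require(answer > 0, "invalid price");
        require(block.timestamp - updatedAt <= MAX_PRICE_AGE, "stale price");
        // amount [10^tokenDecimals] * price [10^feedDecimals] -> value [10^18]
        uint256 scale = 10 ** (uint256(tokenDecimals) + feed.decimals());
        return amount * uint256(answer) * 1e18 / scale;
    }

    // Fee expressed in USD (18 decimals) for a rate given out of HUNDRED_PC.
    function feeInUsd(
        uint256 amount,
        uint8 tokenDecimals,
        AggregatorV3Interface feed,
        uint256 feeRate
    ) internal view returns (uint256) {
        return usdValue(amount, tokenDecimals, feed) * feeRate / HUNDRED_PC;
    }
}
```

The multiplication is done before the division so that tokens with few decimals or low prices do not round to zero; the result is a USD figure and still has to be converted into whichever token the fee is collected in.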