MorpheusAI

Foundry
22,500 USDC
Submission Details
Severity: medium
Invalid

ERC-721 token receiver interface support without token handling capabilities

Summary

The L2TokenReceiver contract implements the ERC-721 token receiver interface, but it is not possible to perform any transactions with the ERC-721 tokens except collecting fees from position tokens and reinvesting them. This means that all ERC-721 tokens and all assets associated with Uniswap v3 position tokens will be locked on the contract.

Vulnerability Details

The ERC-721 token receiver interface lets a contract receive ERC-721 tokens via the safe transfer functions, to avoid locking tokens on contracts that cannot handle them. Although the L2TokenReceiver contract provides a collectFees function for position tokens, it is not necessary to implement the ERC-721 token receiver interface and keep such tokens on the contract. The position token owner may just authorize this contract to collect fees. In any case, these tokens can still be transferred to the contract with the unsafe functions, but that would be entirely the user's decision or mistake.

Impact

ERC-721 tokens are locked on the contract. For Uniswap v3 position tokens, this means the assets are permanently locked on the contract.

Tools used

Manual Review

Recommendations

Consider removing the ERC-721 token receiver interface and keeping position tokens on a separate treasury contract of the protocol, with a fee-collecting allowance granted to the L2TokenReceiver contract.
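
A sketch of the arrangement the recommendation describes, added here as an illustration; it is not code from the submission or from the MorpheusAI repository. The contract name `FeeCollectorSketch`, the owner check, and the choice to send fees to the collector itself are assumptions; `collect`, `ownerOf`, `getApproved` and `isApprovedForAll` are the functions exposed by Uniswap v3's NonfungiblePositionManager.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Subset of Uniswap v3's NonfungiblePositionManager used by this sketch.
interface IPositionManager {
    struct CollectParams {
        uint256 tokenId;
        address recipient;
        uint128 amount0Max;
        uint128 amount1Max;
    }

    function collect(CollectParams calldata params)
        external payable returns (uint256 amount0, uint256 amount1);
    function ownerOf(uint256 tokenId) external view returns (address);
    function getApproved(uint256 tokenId) external view returns (address);
    function isApprovedForAll(address owner, address operator) external view returns (bool);
}

// Hypothetical fee collector that never takes custody of the position NFT.
// It deliberately does NOT implement onERC721Received, so a safeTransferFrom
// to this contract reverts instead of depositing a token it cannot move.
contract FeeCollectorSketch {
    IPositionManager public immutable positionManager;
    address public immutable owner;

    error NotOwner();
    error NotApproved(uint256 tokenId);

    constructor(IPositionManager positionManager_) {
        positionManager = positionManager_;
        owner = msg.sender;
    }

    // Collects all accrued fees of a position held by a separate treasury.
    // Assumption: fees are paid out to this contract.
    function collectFees(uint256 tokenId) external returns (uint256 amount0, uint256 amount1) {
        if (msg.sender != owner) revert NotOwner();
        address holder = positionManager.ownerOf(tokenId);
        // Fail with a clear error if the treasury has not granted an allowance.
        bool approved = positionManager.getApproved(tokenId) == address(this)
            || positionManager.isApprovedForAll(holder, address(this));
        if (!approved) revert NotApproved(tokenId);

        (amount0, amount1) = positionManager.collect(
            IPositionManager.CollectParams(tokenId, address(this), type(uint128).max, type(uint128).max)
        );
    }
}
```

ERC-721 approval is not scoped to fee collection: an approved address can also transfer the token and call `decreaseLiquidity` on the position manager, so the treasury has to trust the approved contract's code.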

Updates

Lead Judging Commences

inallhonesty Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Design choice
