The createPool function in the PoolFactory contract fails to check if the tokenAddress is equal to i_wethToken. This oversight permits the creation of pools where both tokens are WETH, contrary to the intended design which only supports Token/WETH pools
The createPool function is designed to create liquidity pools with a given token and WETH. However, the function does not include a required check to prevent the creation of a pool with WETH as both the base token and the liquidity token. This can lead to the creation of WETH/WETH pools, which are not supported and can cause unexpected behavior in the pool management system.
Fee Generation Issues: The creation of WETH/WETH pools allows fees (0.03%) to be generated without actual asset exchange, which can mislead fee distribution mechanisms and affect the expected revenue streams from the liquidity pools.
Operational Inefficiencies: WETH/WETH pools do not facilitate meaningful liquidity provision or trading opportunities since there is no actual exchange of assets. This can lead to wasted gas fees and blockchain resources.
Financial Risks: Users might inadvertently interact with WETH/WETH pools expecting standard Token/WETH functionality, potentially leading to unintended financial losses or misunderstandings.
Manual Code Review
Foundry Unit Test
include a require statement to check that tokenAddress is not equal to i_wethToken:
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.