QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: high

Valid

Swap Fees Stuck in UpliftOnlyExample Contract

aksoy

Summary

The onAfterSwap function in the UpliftOnlyExample contract collects swap fees into the contract's address but does not include any mechanism to transfer or utilize these fees. As a result, the accumulated fees become permanently stuck in the contract, rendering them inaccessible.

Vulnerability Details

The function calculates hookFee and sends part of it (adminFee) to the QuantAMM admin address. The remaining portion (ownerFee) is sent to the UpliftOnlyExample contract itself. But currently there is no implementation within the contract to transfer or utilize the accumulated ownerFee.

function onAfterSwap(

AfterSwapParams calldata params

) public override onlyVault returns (bool success, uint256 hookAdjustedAmountCalculatedRaw) {

uint256 quantAMMFeeTake = IUpdateWeightRunner(_updateWeightRunner).getQuantAMMUpliftFeeTake();

uint256 ownerFee = hookFee;

if (quantAMMFeeTake > 0) {

uint256 adminFee = hookFee / (1e18 / quantAMMFeeTake);

ownerFee = hookFee - adminFee;

address quantAMMAdmin = IUpdateWeightRunner(_updateWeightRunner).getQuantAMMAdmin();

_vault.sendTo(feeToken, quantAMMAdmin, adminFee);

emit SwapHookFeeCharged(quantAMMAdmin, feeToken, adminFee);

}

if (ownerFee > 0) {

// @audit recived fees have no implementation to withdraw

_vault.sendTo(feeToken, address(this), ownerFee);

emit SwapHookFeeCharged(address(this), feeToken, ownerFee);

}

Impact

Swap fees meant for the contract owner or other beneficiaries are irrecoverable

Tools Used

Manual

Recommendations

Add a function that allows the contract owner or an authorized address to withdraw the accumulated fees. function

function withdrawFees(IERC20 feeToken) external {

uint256 feeAmount = feeToken.balanceOf(address(this));

if (feeAmount > 0) {

feeToken.safeTransfer(owner(), feeAmount);

}

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_ownerFee_cannot_be_withdrawn

Likelihood: High, every swap. Impact: High, funds are stuck.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.