QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: high

Valid

Hook fees (`ownerFee`) are stuck in `UpliftOnlyExample` and non retrievable

0xhuntoor

Summary

UpliftOnlyExample::onAfterSwap() some fees taken from the swap are not sent to quantAMMAdmin or Hook owner, but sent to UpliftOnlyExample it self with no retrievable way for the tokens

Vulnerability Details

after pool swap, there is a hook called onAfterSwap() in UpliftOnlyExample to deduct swap fees for the hook contract, (part of it is sent to the Quant admin)

File: UpliftOnlyExample.sol

293: function onAfterSwap(

341:

342: if (ownerFee > 0) {

343: _vault.sendTo(feeToken, address(this), ownerFee);

344:

345: emit SwapHookFeeCharged(address(this), feeToken, ownerFee);

350: }

But the problem in the above code is that it sends the fees amount ownerFee to it self, with no function to retrieve those tokens

Impact

Loss of swap fees

Tools Used

Manual review

Recommendations

use the ownerFee to be donated to the pool like the logic in onAfterRemoveLiquidity Hook or if its intended to be sent to Pool owner, then send those tokens to him like the way you did with admin fees

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_ownerFee_cannot_be_withdrawn

Likelihood: High, every swap. Impact: High, funds are stuck.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.