QuantAMM

49,600 OP
Submission Details
Severity: high
Valid

Lack of Withdrawal Mechanism for Swap Fees in UpliftOnlyExample Contract

Summary

The hook contract charges a fee on swaps and stores the owner fees in the contract. However, there is no function available for the owner to withdraw these funds. As a result, the accumulated fees are permanently locked in the contract, rendering them inaccessible.

Vulnerability Details

  • In the hook contract, a fee (ownerFee) is charged during swaps and stored using the sendTo function, which transfers the fee to the hook contract's address.

  • While the fee collection is properly implemented, the contract lacks a withdrawal mechanism, preventing the owner from accessing these funds.

if (ownerFee > 0) { // @audit - owner does not have a way to take these funds
    _vault.sendTo(feeToken, address(this), ownerFee);
    emit SwapHookFeeCharged(address(this), feeToken, ownerFee);
}

The funds are transferred to the hook contract using _vault.sendTo. However, because the contract exposes no withdrawal function, these funds are permanently locked.

Impact

The fees collected from swaps are inaccessible, resulting in a financial loss for the owner.

Tools Used

Manual Code Review

Recommendations

Add a function to the contract that allows the owner to withdraw the accumulated fees. The function should transfer the collected fees (ownerFee) to the owner's address.

// Requires `using SafeERC20 for IERC20;` (OpenZeppelin SafeERC20) and an
// onlyOwner modifier (e.g. OpenZeppelin Ownable) in the hook contract.
function withdrawFees(address token) external onlyOwner {
    uint256 balance = IERC20(token).balanceOf(address(this));
    require(balance > 0, "No fees to withdraw");
    IERC20(token).safeTransfer(msg.sender, balance);
}

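The following is an added, self-contained illustration of the fix, not code from the QuantAMM repository or from the submitter. It covers both the fee-collection step described under Vulnerability Details and the withdrawal function from the Recommendations, and goes one step further than the sweep-the-balance version above: the hook records the owner fees it has collected per token in a mapping and lets the owner withdraw exactly that amount, so a withdrawal cannot drain tokens the hook holds for any other reason. The contract name, the `IVaultLike` interface standing in for the real vault's `sendTo`, the `_collectOwnerFee` helper and the `withdrawOwnerFees` function are assumptions made for this example; the OpenZeppelin import paths assume OpenZeppelin Contracts v5.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed OpenZeppelin v5 paths; not taken from the QuantAMM code base.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";

/// @notice Hypothetical stand-in for the vault's `sendTo`, declared here only so
///         this example compiles on its own.
interface IVaultLike {
    function sendTo(IERC20 token, address to, uint256 amount) external;
}

/// @title FeeCollectingHookExample (illustrative, not the audited contract)
/// @notice Records owner fees per token and lets the owner withdraw what was
///         recorded, instead of sweeping the hook's entire token balance.
contract FeeCollectingHookExample is Ownable {
    using SafeERC20 for IERC20;

    IVaultLike public immutable vault;

    /// @dev Fees owed to the owner, keyed by token. Tracking this separately from
    ///      balanceOf(this) keeps a withdrawal from touching tokens the hook may
    ///      hold for other purposes.
    mapping(IERC20 => uint256) public ownerFees;

    event SwapHookFeeCharged(address indexed hook, IERC20 indexed token, uint256 amount);
    event OwnerFeesWithdrawn(IERC20 indexed token, address indexed to, uint256 amount);

    error NoFeesToWithdraw(IERC20 token);
    error ZeroRecipient();

    constructor(IVaultLike _vault, address initialOwner) Ownable(initialOwner) {
        vault = _vault;
    }

    /// @dev The fee-collection step from the report, extended with bookkeeping.
    ///      In the real hook this runs inside the swap callback; it is an internal
    ///      helper here so the pattern is visible on its own.
    function _collectOwnerFee(IERC20 feeToken, uint256 ownerFee) internal {
        if (ownerFee > 0) {
            vault.sendTo(feeToken, address(this), ownerFee);
            ownerFees[feeToken] += ownerFee; // remember what is owed to the owner
            emit SwapHookFeeCharged(address(this), feeToken, ownerFee);
        }
    }

    /// @notice Withdraw all recorded owner fees for `token` to `to`.
    /// @dev Checks-effects-interactions: the accounting is zeroed before the
    ///      transfer, so a re-entrant call cannot withdraw the same fees twice.
    function withdrawOwnerFees(IERC20 token, address to) external onlyOwner {
        if (to == address(0)) revert ZeroRecipient();
        uint256 amount = ownerFees[token];
        if (amount == 0) revert NoFeesToWithdraw(token);

        ownerFees[token] = 0;
        token.safeTransfer(to, amount);
        emit OwnerFeesWithdrawn(token, to, amount);
    }
}
```

A quick check for this fix in a unit test: route a swap (or call `_collectOwnerFee` through a test harness that exposes it), assert that `ownerFees(token)` equals the charged fee and that the hook's token balance rose by the same amount, then call `withdrawOwnerFees` as the owner and assert the recipient's balance increased by that amount, `ownerFees(token)` is back to zero, and a second call reverts with `NoFeesToWithdraw`. A call from a non-owner address should revert on the `onlyOwner` check.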
Updates

Lead Judging Commences

n0kto Lead Judge 4 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_ownerFee_cannot_be_withdrawn

Likelihood: High, every swap. Impact: High, funds are stuck.
