Uplift Fee Overwrites quantAMMSwapFeeTake Instead of Using a Separate Variable
Summary
In the setQuantAMMUpliftFeeTake function:
the code incorrectly stores the uplift fee in quantAMMSwapFeeTake rather than using a dedicated variable (e.g., quantAMMUpliftFeeTake). This mixes two separate fees (swap fee vs. uplift fee) into a single state variable, causing confusion or unintended overrides.
Vulnerability Details
Impact
Fee Confusion: Because both the swap fee and the uplift fee are stored in quantAMMSwapFeeTake, the actual values for each may become unclear.
Functional Errors: Any logic relying on a distinct “uplift” fee might incorrectly read the “swap” fee, or vice versa.
Tools Used
Manual audit
Recommendations
Use a Separate State Variable. Introduce a dedicated variable, for example:
and assign _quantAMMUpliftFeeTake to that variable in the setQuantAMMUpliftFeeTake() function:
Adjust Getter.
Update the getQuantAMMUpliftFeeTake() function to return this new quantAMMUpliftFeeTake variable.
Lead Judging Commences
finding_quantAMMSwapFeeTake==quantAMMUplfitFeeTake
Likelyhood: High, calling setters or getters Impact: Low/Medium, both getters return `quantAMMSwapFeeTake` and `setQuantAMMUpliftFeeTake` modify `quantAMMUplfitFeeTake`. Real impact: those 2 values will be always the same.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.