Absence of Lower Bound Check for Swap Fees in `setQuantAMMSwapFeeTake` and `setQuantAMMUpliftFeeTake`
Summary
The setQuantAMMSwapFeeTake function and setQuantAMMUpliftFeeTake function does not validate a minimum acceptable value for the _quantAMMSwapFeeTake and _quantAMMUpliftFeeTake parameters respectively. This allows significantly small values, including 0 or 1 wei, to be set as swap fees. Such configurations can harm liquidity providers (LPs) by reducing their revenue and potentially lead to economic losses for the protocol.
Vulnerability Details
The function setQuantAMMSwapFeeTake and setQuantAMMUpliftFeeTake currently include the following validations:
This ensures that _quantAMMSwapFeeTake and _quantAMMUpliftFeeTake are not greater than 100%, but it does not prevent significantly small or zero values from being set. Without a lower bound, the following risks arise:
Economic Impact on LPs: LPs earn revenue from swap fees. Allowing near-zero or zero fees can make liquidity provision unprofitable, discouraging LP participation.
Protocol Misconfiguration Risk: An administrator could inadvertently set a low fee, harming the protocol’s revenue and LP rewards.
For example, passing _quantAMMSwapFeeTake = 1 wei would not revert, resulting in an almost negligible fee.
Impact
Loss of revenue for LPs.
Potential loss of trust in the protocol.
Risk of malicious or accidental misconfiguration that undermines the protocol's economic incentives.
Tools Used
Manual Review
Recommendations
To mitigate this issue, introduce a lower-bound check for _quantAMMSwapFeeTake and _quantAMMUpliftFeeTake to enforce a minimum swap fees:
-
Add a Require Statement for Minimum Fee:
Include a lower bound validation, such as:function setQuantAMMSwapFeeTake(uint256 _quantAMMSwapFeeTake) external override {require(msg.sender == quantammAdmin, "ONLYADMIN");+ require(_quantAMMSwapFeeTake >= 5e15, "Swap fee must be at least 0.05%");require(_quantAMMSwapFeeTake <= 1e18, "Swap fee must be less than 100%");uint256 oldSwapFee = quantAMMSwapFeeTake;quantAMMSwapFeeTake = _quantAMMSwapFeeTake;emit SwapFeeTakeSet(oldSwapFee, _quantAMMSwapFeeTake);}function setQuantAMMUpliftFeeTake(uint256 _quantAMMUpliftFeeTake) external{require(msg.sender == quantammAdmin, "ONLYADMIN");+ require(_quantAMMSwapFeeTake >= 5e15, "Swap fee must be at least 0.05%");require(_quantAMMUpliftFeeTake <= 1e18, "Uplift fee must be less than 100%");uint256 oldSwapFee = quantAMMSwapFeeTake;quantAMMSwapFeeTake = _quantAMMUpliftFeeTake;emit UpliftFeeTakeSet(oldSwapFee, _quantAMMUpliftFeeTake);} -
Default Fee Value:
Establish a default fee value at deployment or through governance that adheres to protocol economic goals. -
Governance Approval for Fee Changes:
For critical parameters like swap fees, consider requiring governance approval to ensure proper oversight.
By implementing these measures, the protocol can safeguard its revenue, protect LPs’ interests, and prevent accidental or malicious misconfiguration.
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Appeal created
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.