QuantAMM

49,600 OP
Submission Details
Severity: high
Valid

Loss of Owner Fee Due to Locked Funds in `UpliftOnlyExample.sol`

Summary

In `UpliftOnlyExample.sol`, the `onAfterSwap` hook calculates a fee to cover protocol expenses and splits it into an admin fee and an owner fee. The admin fee is correctly sent to `quantAMMAdmin`, but the owner fee is sent to the contract itself:

```solidity
if (quantAMMFeeTake > 0) {
    uint256 adminFee = hookFee / (1e18 / quantAMMFeeTake);
    ownerFee = hookFee - adminFee;
    address quantAMMAdmin = IUpdateWeightRunner(_updateWeightRunner).getQuantAMMAdmin();
    _vault.sendTo(feeToken, quantAMMAdmin, adminFee);
    emit SwapHookFeeCharged(quantAMMAdmin, feeToken, adminFee);
}
if (ownerFee > 0) {
@>  _vault.sendTo(feeToken, address(this), ownerFee);
    emit SwapHookFeeCharged(address(this), feeToken, ownerFee);
}
```

No functionality exists for the contract owner to withdraw these fees or to use them further, so the funds are effectively lost.

Vulnerability Details

The funds designated as the owner fee are sent to the contract’s address itself and cannot be retrieved due to the absence of a withdrawal function or mechanism.

Impact

  1. Loss of owner fees, locking them permanently in the contract.

  2. Reduction in protocol revenue

Tools Used

Manual Review

Recommendations

  1. Add functionality to the contract that lets the admin withdraw the owner fee, OR

  2. Change the receiver address if `ownerFee > 0`.
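
One way to implement the first recommendation, as an added example that is not code from this report or from QuantAMM. The contract name `OwnerFeeAccounting`, the members `feeOwner`, `accruedOwnerFees`, `_collectOwnerFee` and `withdrawOwnerFees`, and both minimal interfaces are hypothetical; only the `sendTo(token, to, amount)` call shape is taken from the snippet in the Summary. It books each owner fee per token so the withdrawal can release only what was collected as fees, not any other balance the contract holds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added example with hypothetical names; not QuantAMM's code.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}

interface IVaultLike {
    // Same call shape as the sendTo(...) used in the finding's snippet.
    function sendTo(IERC20Like token, address to, uint256 amount) external;
}

abstract contract OwnerFeeAccounting {
    IVaultLike internal immutable _vault;
    address public immutable feeOwner; // assumption: owner fixed at deployment

    // Owner fees currently held by this contract, per fee token.
    mapping(IERC20Like => uint256) public accruedOwnerFees;

    event OwnerFeeWithdrawn(IERC20Like indexed token, address indexed to, uint256 amount);

    constructor(IVaultLike vault_, address owner_) {
        require(owner_ != address(0), "owner is zero");
        _vault = vault_;
        feeOwner = owner_;
    }

    // Called from the swap hook in place of the bare sendTo(address(this)).
    function _collectOwnerFee(IERC20Like feeToken, uint256 ownerFee) internal {
        if (ownerFee == 0) return;
        _vault.sendTo(feeToken, address(this), ownerFee);
        accruedOwnerFees[feeToken] += ownerFee; // record what is withdrawable
    }

    // Releases only the booked owner fees, never the contract's full balance.
    // Tokens that return no bool from transfer need a SafeERC20-style wrapper.
    function withdrawOwnerFees(IERC20Like token, address to) external {
        require(msg.sender == feeOwner, "not owner");
        require(to != address(0), "to is zero");
        uint256 amount = accruedOwnerFees[token];
        require(amount > 0, "nothing accrued");
        accruedOwnerFees[token] = 0; // effects before the external call
        require(token.transfer(to, amount), "transfer failed");
        emit OwnerFeeWithdrawn(token, to, amount);
    }
}
```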

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_ownerFee_cannot_be_withdrawn

Likelihood: High, every swap. Impact: High, funds are stuck.
