QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: high

Valid

`ownerFee` is lost forever

inh3l

Summary

UpliftOnlyExample and its extensions have no function to retrieve tokens since it's meant to be a router. However, if ownerfees are sent to the contract, making them to be lost forever.

Vulnerability Details

When the onAfterSwap hook is called, the owner fee is calculated and sent to address(this) instead of to the owner.

if (ownerFee > 0) {

@> _vault.sendTo(feeToken, address(this), ownerFee);

emit SwapHookFeeCharged(address(this), feeToken, ownerFee);

}

The contract has no function to retrieve excess tokens, as a result the fees are lost forever.

Impact

Fees are lost, leading to loss of funds.

Tools Used

Manual Review

Recommendations

Send the fees to the owner instead, or introduce a function to retrieve excess tokens.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_ownerFee_cannot_be_withdrawn

Likelihood: High, every swap. Impact: High, funds are stuck.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.