QuantAMM

49,600 OP
Submission Details
Severity: high
Valid

`ownerFee` is lost forever

Summary

UpliftOnlyExample and its extensions have no function to retrieve tokens, since the contract is meant to be a router. However, owner fees are sent to the contract itself, so they are lost forever.

Vulnerability Details

When the onAfterSwap hook is called, the owner fee is calculated and sent to address(this) instead of to the owner.

```solidity
if (ownerFee > 0) {
@>  _vault.sendTo(feeToken, address(this), ownerFee);
    emit SwapHookFeeCharged(address(this), feeToken, ownerFee);
}
```

The contract has no function to retrieve excess tokens, so the fees are lost forever.

Impact

Fees are lost, leading to loss of funds.

Tools Used

Manual Review

Recommendations

Send the fees to the owner instead, or introduce a function to retrieve excess tokens.
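
Both recommendations are sketched below as an added example; it is not code from this submission or from the QuantAMM repository. `OwnerFeeSketch`, `IVaultLike`, `IERC20Like`, `accruedOwnerFees` and `withdrawOwnerFees` are hypothetical names, and the sketch assumes the hook has a single `owner` address that should receive the fee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;
// Minimal stand-ins written for this example, not the QuantAMM or Balancer sources.
interface IERC20Like {
    function transfer(address to, uint256 amount) external returns (bool);
}
interface IVaultLike {
    // Same call shape as the `_vault.sendTo(...)` line quoted in the finding.
    function sendTo(IERC20Like token, address to, uint256 amount) external;
}

contract OwnerFeeSketch {
    IVaultLike private immutable _vault;
    address public immutable owner; // assumed fee recipient
    mapping(IERC20Like => uint256) public accruedOwnerFees; // option 2 bookkeeping

    event SwapHookFeeCharged(address indexed recipient, IERC20Like indexed token, uint256 fee);
    event OwnerFeesWithdrawn(IERC20Like indexed token, uint256 amount);

    constructor(IVaultLike vault_, address owner_) {
        _vault = vault_;
        owner = owner_;
    }

    // Option 1: pay the owner straight from the vault; nothing lands on the hook.
    function _payOwnerFeeDirect(IERC20Like feeToken, uint256 ownerFee) internal {
        if (ownerFee > 0) {
            _vault.sendTo(feeToken, owner, ownerFee);
            emit SwapHookFeeCharged(owner, feeToken, ownerFee);
        }
    }

    // Option 2: keep sending to address(this), but record what is owed.
    function _accrueOwnerFee(IERC20Like feeToken, uint256 ownerFee) internal {
        if (ownerFee > 0) {
            _vault.sendTo(feeToken, address(this), ownerFee);
            accruedOwnerFees[feeToken] += ownerFee;
            emit SwapHookFeeCharged(address(this), feeToken, ownerFee);
        }
    }

    // Pays out only the recorded fees, never any other balance the contract holds.
    function withdrawOwnerFees(IERC20Like token) external {
        require(msg.sender == owner, "not owner");
        uint256 amount = accruedOwnerFees[token];
        accruedOwnerFees[token] = 0; // clear before the external call
        require(token.transfer(owner, amount), "transfer failed");
        emit OwnerFeesWithdrawn(token, amount);
    }
}
```

Tracking the accrued amount per token keeps the withdrawal from touching balances the contract holds for other reasons. Tokens whose `transfer` returns no value need a safe-transfer wrapper in place of the plain `require`.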

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_ownerFee_cannot_be_withdrawn

Likelihood: High, every swap. Impact: High, funds are stuck.
