Summary

In the onSwap function there is no explicit handling of fees apart from a comment that says:
// Fees are added after scaling happens, to reduce the complexity of the rounding direction analysis.

Vulnerability Details

• For Exact-In Swap:

• The function calculates the amount of the output token the user will receive given their output. However, no explicit mention of fees is included in this calculation.

• For Exact-Out Swap:

The function calculates the amount of input tokens the user must provide to receive a specific amount of output tokens. Again no explicit handling of fees is included here.

The comment i provided above about fees implies that fees are added after scaling process but there is no visible implementation in the function

Impact

• Absence of fees application can cause:
  Zero or reduced revenue:
  If fees are missing, the pool collects no revenue from swaps causing LPs to lose out on their expected returns.
  Economic Exploitation:
  Without fees, traders (especially arbitrageurs) can execute swaps at a much lower cost, extracting value from the pool with minimal penalties.
  Protocol Vulnerability:
  If fees are improperly applied, the protocol might not distribute them fairly among LPs leading to dissatisfaction and liquidity withdrawal.

Tools Used

Manual Review

Recommendations

Includes Fees in the Swap Logic
For Exact-In Swaps, after calculating amountOutScaled18, fees should be deducted from the output amount.
While for Exact-Out Swaps, before calculating amountInScaled18, fees should be added to the input amount

Use a Fee parameter
Define a feePercentage variable as it is done here in this code snippet:

Make sure the fee is applied consistently in both the Exact-In and Exact-Out calculations.