QuantAMM

49,600 OP
Submission Details
Severity: high
Valid

Permanent token locking issue in UpliftOnlyExample contract

Summary

Tokens are stuck in the UpliftOnlyExample contract because there is no mechanism to withdraw them.

Vulnerability Details

In the UpliftOnlyExample::onAfterSwap function, the ownerFee is transferred from the Vault to the UpliftOnlyExample contract. However, the contract lacks any functionality to withdraw tokens, leading to the tokens being permanently locked within the contract.

UpliftOnlyExample::onAfterSwap function:

    function onAfterSwap(
        AfterSwapParams calldata params
    ) public override onlyVault returns (bool success, uint256 hookAdjustedAmountCalculatedRaw) {
        hookAdjustedAmountCalculatedRaw = params.amountCalculatedRaw;
        if (hookSwapFeePercentage > 0) {
            uint256 hookFee = params.amountCalculatedRaw.mulUp(hookSwapFeePercentage);
            if (hookFee > 0) {
                ...
                if (ownerFee > 0) {
                    _vault.sendTo(feeToken, address(this), ownerFee); // <= ownerFee is sent to this contract
                    emit SwapHookFeeCharged(address(this), feeToken, ownerFee);
                }
            }
        }
        return (true, hookAdjustedAmountCalculatedRaw);
    }

Impact

Tokens become inaccessible and irrecoverable, potentially leading to financial loss.

Recommendations

Implement a function restricted to the contract owner that allows token withdrawals. Alternatively, update the logic to transfer the ownerFee to an externally owned account (EOA).
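One way to implement the first recommendation, as an added sketch that is not QuantAMM's code or the fix the project shipped. The names `OwnerFeeWithdrawal`, `IERC20Minimal`, `feeOwner`, `accruedOwnerFees`, `_recordOwnerFee` and `withdrawOwnerFees` are hypothetical, and it assumes the hook would call `_recordOwnerFee` right after the `_vault.sendTo(feeToken, address(this), ownerFee)` line.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added illustration, not QuantAMM code; all names here are hypothetical.
interface IERC20Minimal {
    function transfer(address to, uint256 amount) external returns (bool);
}

abstract contract OwnerFeeWithdrawal {
    address public immutable feeOwner; // assumption: fixed at deployment
    mapping(address => uint256) public accruedOwnerFees; // token => fees held here

    event OwnerFeeWithdrawn(address indexed token, address indexed to, uint256 amount);

    error NotFeeOwner();
    error ZeroAddress();
    error TransferFailed();

    constructor(address feeOwner_) {
        if (feeOwner_ == address(0)) revert ZeroAddress();
        feeOwner = feeOwner_;
    }

    // Assumed call site: in onAfterSwap, right after the Vault sends ownerFee here.
    function _recordOwnerFee(address token, uint256 amount) internal {
        accruedOwnerFees[token] += amount;
    }

    // Pays out only what was recorded as owner fees, never the whole balance.
    function withdrawOwnerFees(address token, address to) external returns (uint256 amount) {
        if (msg.sender != feeOwner) revert NotFeeOwner();
        if (to == address(0)) revert ZeroAddress();

        amount = accruedOwnerFees[token];
        if (amount == 0) return 0;
        accruedOwnerFees[token] = 0; // effects before the external call

        // Low-level call so tokens that return no value are handled as well.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeCall(IERC20Minimal.transfer, (to, amount))
        );
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) revert TransferFailed();
        if (ret.length == 0 && token.code.length == 0) revert TransferFailed();

        emit OwnerFeeWithdrawn(token, to, amount);
    }
}
```

Tracking accrued fees per token keeps the withdrawal from touching any other balance the hook contract may hold in the same token.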

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_ownerFee_cannot_be_withdrawn

Likelihood: High, every swap. Impact: High, funds are stuck.
