QuantAMM

49,600 OP
Submission Details
Severity: medium
Valid

Missing separate variable for uplift fee

Summary

In the UpdateWeightRunner contract, the functions getQuantAMMSwapFeeTake() and setQuantAMMSwapFeeTake() serve as the getter and setter for the swap fees, with the corresponding variable being quantAMMSwapFeeTake. Additionally, there are two more functions—getQuantAMMUpliftFeeTake() and setQuantAMMUpliftFeeTake()—which are intended for managing the uplift fee.

The problem is that all four functions are using the same variable, quantAMMSwapFeeTake, instead of using a separate variable for the uplift fee, as would be expected given the presence of distinct functions for this purpose.

Vulnerability Details

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/UpdateWeightRunner.sol#L126-L154

Impact

It is not possible to set the uplift fee to a value different from the swap fee.

Tools Used

Manual review

Recommendations

Use a separate variable for the uplift fee.
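
The following is an added example, not code from the QuantAMM repository: a simplified model of the shared-variable pattern described in the Summary, next to a version with separate storage, plus a check that fails when the two fees alias. The variable name `quantAMMUpliftFeeTake`, the `uint256` fee type, the contract and interface names, and the absence of access control are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of the pattern in the report, not the UpdateWeightRunner source.
// Assumptions: uint256 fee values, no access control, no events.
contract SharedFeeVariable {
    uint256 private quantAMMSwapFeeTake;

    function setQuantAMMSwapFeeTake(uint256 fee) external { quantAMMSwapFeeTake = fee; }
    function getQuantAMMSwapFeeTake() external view returns (uint256) { return quantAMMSwapFeeTake; }
    // Uplift accessors read and write the swap-fee variable, as the Summary describes.
    function setQuantAMMUpliftFeeTake(uint256 fee) external { quantAMMSwapFeeTake = fee; }
    function getQuantAMMUpliftFeeTake() external view returns (uint256) { return quantAMMSwapFeeTake; }
}

contract SeparateFeeVariables {
    uint256 private quantAMMSwapFeeTake;
    uint256 private quantAMMUpliftFeeTake; // hypothetical name for the added variable

    function setQuantAMMSwapFeeTake(uint256 fee) external { quantAMMSwapFeeTake = fee; }
    function getQuantAMMSwapFeeTake() external view returns (uint256) { return quantAMMSwapFeeTake; }
    function setQuantAMMUpliftFeeTake(uint256 fee) external { quantAMMUpliftFeeTake = fee; }
    function getQuantAMMUpliftFeeTake() external view returns (uint256) { return quantAMMUpliftFeeTake; }
}

interface IFeeTakes {
    function setQuantAMMSwapFeeTake(uint256 fee) external;
    function getQuantAMMSwapFeeTake() external view returns (uint256);
    function setQuantAMMUpliftFeeTake(uint256 fee) external;
    function getQuantAMMUpliftFeeTake() external view returns (uint256);
}

// Regression check: writing one fee must leave the other untouched.
contract FeeIndependenceCheck {
    function feesAreIndependent(IFeeTakes c) public returns (bool) {
        c.setQuantAMMSwapFeeTake(5e17);
        c.setQuantAMMUpliftFeeTake(1e17);
        return c.getQuantAMMSwapFeeTake() == 5e17 && c.getQuantAMMUpliftFeeTake() == 1e17;
    }

    function checkShared() external returns (bool) {
        return feesAreIndependent(IFeeTakes(address(new SharedFeeVariable())));
    }

    function checkSeparate() external returns (bool) {
        return feesAreIndependent(IFeeTakes(address(new SeparateFeeVariables())));
    }
}
```

The same set-both-then-read-both assertion can be carried into the project's own test suite so that any future accessor pair sharing storage is caught before deployment.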

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_quantAMMSwapFeeTake==quantAMMUplfitFeeTake

Likelihood: High, calling setters or getters. Impact: Low/Medium, both getters return `quantAMMSwapFeeTake` and `setQuantAMMUpliftFeeTake` modifies `quantAMMUplfitFeeTake`. Real impact: those 2 values will always be the same.
