Part 2

Zaros
Perpetuals, DEX, Foundry, Solidity
70,000 USDC
Submission Details
Severity: medium
Invalid

Universal feeBps for all tokens in UniswapV3Adapter is ineffective

Summary

UniswapV3Adapter.sol uses the same feeBps for all tokens, which can lead to non-optimized swap paths, higher fees, or even failed swaps if a pool with the specified feeBps does not exist.

Vulnerability Details

Owner sets the same feeBps in UniswapV3Adapter.sol:setPoolFee() for all tokens:

    function setPoolFee(uint24 newFee) public onlyOwner {
        // revert if the new fee is not 500, 3000 or 10_000
        if (newFee != 500 && newFee != 3000 && newFee != 10_000) revert Errors.InvalidPoolFee();
        // set the new fee
        feeBps = newFee;
        // emit the event
        emit LogSetPoolFee(newFee);
    }

PoC

Take, for example, FeeConversionKeeper.sol, which uses the same dexSwapStrategyId for all assets.
Assume dexSwapStrategyId is set to the UniswapV3Adapter contract with feeBps = 0.05% (which is used for most of the pairs: WBTC/ETH, USDC/ETH, USDT/ETH) and fee distribution is needed for wstETH.

The only pool for the wstETH/ETH pair on Arbitrum currently has feeBps = 0.01%.

The swap will fail because Uniswap can't find a pool with feeBps = 0.05% for these tokens.

Impact

Using the same feeBps for all tokens can lead to non-optimized swap paths, higher fees, or even failed swaps if a pool with the specified feeBps does not exist.

Tools Used

Manual Review

Recommendations

Dynamically select the most appropriate feeBps for each token pair based on available pools.
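One way to apply this recommendation, as an added example that is not part of the submission or of the Zaros code base: a per-pair fee override that is checked against the Uniswap V3 factory, with the single default fee as fallback. The contract name `PairFeeResolver`, its storage layout, errors and event are hypothetical; `IUniswapV3Factory.getPool` is the real factory lookup, which returns the zero address when no pool exists for that pair and fee.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal slice of the Uniswap V3 factory interface.
interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee) external view returns (address pool);
}

// Hypothetical helper (not Zaros code): resolves the fee tier per token pair.
contract PairFeeResolver {
    error NotOwner();
    error PoolNotFound(address tokenA, address tokenB, uint24 fee);

    event LogSetPairFee(address indexed tokenA, address indexed tokenB, uint24 fee);

    IUniswapV3Factory public immutable factory;
    address public immutable owner;
    uint24 public immutable defaultFee;       // plays the role of the adapter's single feeBps
    mapping(bytes32 => uint24) public pairFee; // 0 means "no override for this pair"

    constructor(address factory_, uint24 defaultFee_) {
        factory = IUniswapV3Factory(factory_);
        owner = msg.sender;
        defaultFee = defaultFee_;
    }

    // Order-independent key so (A, B) and (B, A) share one entry.
    function _key(address a, address b) internal pure returns (bytes32) {
        (address t0, address t1) = a < b ? (a, b) : (b, a);
        return keccak256(abi.encode(t0, t1));
    }

    // Owner sets an override; rejected unless a pool with that fee is deployed.
    function setPairFee(address tokenA, address tokenB, uint24 fee) external {
        if (msg.sender != owner) revert NotOwner();
        if (factory.getPool(tokenA, tokenB, fee) == address(0)) revert PoolNotFound(tokenA, tokenB, fee);
        pairFee[_key(tokenA, tokenB)] = fee;
        emit LogSetPairFee(tokenA, tokenB, fee);
    }

    // Fee to pass to the swap: the pair override if set, otherwise the default.
    // Reverts with a descriptive error here instead of failing inside the router.
    function resolveFee(address tokenIn, address tokenOut) external view returns (uint24 fee) {
        fee = pairFee[_key(tokenIn, tokenOut)];
        if (fee == 0) fee = defaultFee;
        if (factory.getPool(tokenIn, tokenOut, fee) == address(0)) revert PoolNotFound(tokenIn, tokenOut, fee);
    }
}
```

A deployed pool is not necessarily a liquid one, so slippage limits on the swap are still required alongside this check.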

Updates

Lead Judging Commences

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
