SSSwap

First Flight #41

Beginner FriendlyRust

100 EXP

View results

Previous Next

Submission Details

Impact: medium

Likelihood: medium

Invalid

No Protocol Fee Mechanism inside the `swap_operations::swap_exact_in` function

mishraji874

Description: The AMM lacks a protocol fee mechanism, limiting sustainability and governance capabilities. The AMM implements a 0.3% fee for liquidity providers but lacks a protocol fee mechanism that could be used for treasury, buybacks, or other protocol sustainability measures. This is a medium severity issue as it limits the protocol's long-term sustainability and governance capabilities.

Impact:

Limited protocol sustainability without fee revenue
Reduced governance capabilities
Missed opportunity for protocol value accrual

Proof of Concept: In the current implementation, all fees go to liquidity providers:

// Current fee calculation

let lp_fees = (amount_out as u128 * 3).

div_floor(&1000) as u64;

amount_out = amount_out - lp_fees;

// No protocol fee is taken

Recommended Mitigation: Implement a protocol fee mechanism with governance control:

// Add to state/liquidity_pool.rs

#[account]

#[derive(InitSpace)]

pub struct LiquidityPool {

pub token_a: Pubkey,

pub token_b: Pubkey,

pub lp_mint: Pubkey,

pub bump: u8,

pub protocol_fee_numerator:

u64, // e.g., 1 for 0.1% fee

pub protocol_fee_denominator:

u64, // e.g., 1000

pub fee_recipient: Pubkey,

}

// Then in swap_operations.rs

pub fn swap_exact_in(context:

Context<SwapContext>, amount_in: u64,

min_out: u64, zero_for_one: bool) ->

Result<()> {

// Existing code...

let mut amount_out: u64 = numerator.

div_floor(&denominator) as u64;

// Calculate total fee (0.3%)

let total_fee = (amount_out as u128

* 3).div_floor(&1000) as u64;

// Split between LP and protocol if

protocol fee is enabled

let protocol_fee = if context.

accounts.liquidity_pool.

protocol_fee_numerator > 0 {

(total_fee as u128 * context.

accounts.liquidity_pool.

protocol_fee_numerator as u128)

.div_floor(&context.

accounts.liquidity_pool.

protocol_fee_denominator as

u128) as u64

} else {

};

let lp_fee = total_fee -

protocol_fee;

amount_out = amount_out - total_fee;

// If protocol fee is non-zero,

transfer to fee recipient

if protocol_fee > 0 {

// Transfer protocol fee to

recipient

// Implementation depends on

whether fee is taken in

token_in or token_out

}

// Rest of function...

Ok(())

}

Updates

Lead Judging Commences

0xtimefliez Lead Judge 12 days ago

Submission Judgement Published

Invalidated

Reason: Design choice

Rewards breakdown

This contest has a flat reward structure with the following payouts:

High

100 EXP

Medium

20 EXP

Low

2 EXP

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.