The 0.3% fee Uniswap pool for the specified token pair may not be the most liquid one leading to worse price impact and slippage #2088

Open
codehawks-bot opened this issue Aug 8, 2023 · 1 comment


@codehawks-bot

The 0.3% fee Uniswap pool for the specified token pair may not be the most liquid one leading to worse price impact and slippage

Severity

High Risk

Relevant GitHub Links

https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L34

Summary

The sellProfits function is always using the 0.3% fee pool, which may not be the most liquid one for the specified token pair, leading to worse slippage and price impact.

Vulnerability Details

The sellProfits function in Fees.sol swaps profits from one token to WETH. The issue arises due to the contract only using the 0.3% fee pools for each of the swaps.

ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
    .ExactInputSingleParams({
        tokenIn: _profits,
        tokenOut: WETH,
        fee: 3000, // @audit the fee is hard coded to 0.3% in basis points <
        recipient: address(this),
        deadline: block.timestamp,
        amountIn: amount,
        amountOutMinimum: 0,
        sqrtPriceLimitX96: 0
    });

This is an issue because some pairs' 0.3% pools may not be the most liquid ones. If the pool is not the most liquid one, the swap will experience higher slippage than needed, losing some amount of funds in the process.

Impact

The slippage on swaps in pools with less liquidity will be higher than it could be, even with proper slippage tolerance.

Tools Used

Manual Review

Recommendations

Consider checking the liquidity in each of the available pools for the pair and swapping in the most liquid one.

@PatrickAlphaC
Member

https://github.com/sturdyfi/code4rena-may-2022/pull/12/files

We've seen this in other competitions. Going to drop to medium pending the sponsors' thoughts. High doesn't make sense. Here, it's just non-optimal slippage.
