Cyfrin / 2023-07-beedle

UniswapV3 incorrect swap parameters will result in a swap failure and swap at a bad rate #1635

Open codehawks-bot opened 1 year ago

codehawks-bot commented 1 year ago

Severity

Medium Risk

Hardcoded fee of 3000 (0.3 %) https://github.com/Cyfrin/2023-07-beedle/blob/main/src/Fees.sol#L34 will cause a swap failure for tokens which don't have 0.3 % fee pools. Another issue is swap at a bad rate because 0.3 % fee pool might have poor liquidity.

POC

https://gist.github.com/justefg/16c9d6125c45bb320fa152273015bccd

testUOSSwapCorrectFee and testUOSSwapInCorrectFee prove that not all coins have 0.3 % fee pools. In the test I used UOS, which is ranked 328th on CoinMarketCap. I'm sure there are a lot more examples.

testUniswapFees shows that some pools have poor liquidity. In this example it's the 0.01 % USDC/WETH pool, and swapping tokens there would result in only 0.61 ETH received, compared to 0.998 and 0.999 ETH in the 0.3 % and 0.05 % pools respectively.

Mitigation steps:

Add fee as a parameter along with minAmountOut

Add access control so only trusted parties could trigger it

Use an aggregator like 1inch to find optimal routes, or use a tool from Uniswap

https://github.com/Uniswap/smart-order-router
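The pattern the finding describes, next to a variant that applies the three mitigation steps above. This is an added illustration, not Beedle's `Fees.sol` and not code from the auditor's gist: the contract and function names (`FeesVulnerable`, `FeesHardened`, `sellProfits`), the `staking` recipient and the owner-based access control are assumptions made for the example. The `ISwapRouter.exactInputSingle` signature is the real one from Uniswap's v3-periphery, reproduced inline so the file compiles on its own.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Minimal subset of Uniswap V3's ISwapRouter (v3-periphery); only the call used here.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }

    function exactInputSingle(ExactInputSingleParams calldata params)
        external
        payable
        returns (uint256 amountOut);
}

interface IERC20 {
    function approve(address spender, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

/// Hypothetical contract showing the reported pattern: anyone can call it, the fee tier is
/// hardcoded to 3000 (0.3 %), and no minimum output is enforced.
contract FeesVulnerable {
    ISwapRouter public immutable router;
    address public immutable WETH;

    constructor(address _router, address _weth) {
        router = ISwapRouter(_router);
        WETH = _weth;
    }

    function sellProfits(address _profits) external {
        uint256 amount = IERC20(_profits).balanceOf(address(this));
        require(IERC20(_profits).approve(address(router), amount), "approve failed");

        router.exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: 3000, // no 0.3 % pool for this token => revert; thin 0.3 % pool => bad rate
                recipient: address(this),
                deadline: block.timestamp,
                amountIn: amount,
                amountOutMinimum: 0, // any output is accepted, so a sandwich can take almost all of it
                sqrtPriceLimitX96: 0
            })
        );
    }
}

/// Hypothetical hardened variant: caller chooses the fee tier and a slippage floor,
/// and only a trusted party may trigger the swap (assumed single-owner model).
contract FeesHardened {
    ISwapRouter public immutable router;
    address public immutable WETH;
    address public immutable owner;

    constructor(address _router, address _weth, address _owner) {
        router = ISwapRouter(_router);
        WETH = _weth;
        owner = _owner;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not authorized");
        _;
    }

    /// @param _fee       Uniswap V3 fee tier of the pool to use (100, 500, 3000 or 10000).
    /// @param _minOut    Minimum WETH accepted; computed off-chain from a quote or a router tool.
    /// @param _deadline  Timestamp after which the swap must revert.
    function sellProfits(address _profits, uint24 _fee, uint256 _minOut, uint256 _deadline)
        external
        onlyOwner
        returns (uint256 amountOut)
    {
        // Reject tiers Uniswap V3 has never enabled; an unknown tier can only revert downstream.
        require(_fee == 100 || _fee == 500 || _fee == 3000 || _fee == 10000, "unknown fee tier");
        require(_minOut > 0, "minOut must be set");
        require(_deadline >= block.timestamp, "deadline passed");

        uint256 amount = IERC20(_profits).balanceOf(address(this));
        require(IERC20(_profits).approve(address(router), amount), "approve failed");

        amountOut = router.exactInputSingle(
            ISwapRouter.ExactInputSingleParams({
                tokenIn: _profits,
                tokenOut: WETH,
                fee: _fee,
                recipient: address(this),
                deadline: _deadline,
                amountIn: amount,
                amountOutMinimum: _minOut, // router reverts with "Too little received" below this
                sqrtPriceLimitX96: 0
            })
        );
    }
}
```

With the hardened form, the 0.01 % USDC/WETH case from the gist fails closed: a caller who quoted roughly 0.998 WETH from the 0.3 % pool and passed that as `_minOut` would have the 0.61 WETH swap revert instead of settling at the bad rate. Choosing `_fee` and `_minOut` still has to happen off-chain, which is where the smart-order-router linked above fits in.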

PatrickAlphaC commented 1 year ago

User doesn't mention access controls or slippage parameters. Removing the amountOutMinimum finding.