The query_pool_info_for_factory function is used to retrieve information about the pool contract. The function returns a type of data LiquidityPoolInfo, which is comprised of the following fields:
total_fee_bps represents the fee paid in each swap on the pool. However, in query_pool_info_for_factory we can see that total_fee_bps is instead used to contain the max_allowed_spread_bps.
let total_fee_bps = config.max_allowed_spread_bps;
Code snippet from the query_pool_info_for_factory function. It assigns config.max_allowed_spread_bps to total_fee_bps.
Impact: The incorrect returned value for the total_fee_bps field puts a risk on 3rd party integrations.
Recommendation: Return total_fee_bps instead of max_allowed_spread_bps.
file: contracts/pool/src/contract.rs location: query_pool_info_for_factory
The
query_pool_info_for_factoryfunction is used to retrieve information about the pool contract. The function returns a type of dataLiquidityPoolInfo, which is comprised of the following fields:Definition of the LiquidityPoolnfo struct.
total_fee_bpsrepresents the fee paid in each swap on the pool. However, inquery_pool_info_for_factorywe can see thattotal_fee_bpsis instead used to contain themax_allowed_spread_bps.Code snippet from the query_pool_info_for_factory function. It assigns
config.max_allowed_spread_bpstototal_fee_bps.Impact: The incorrect returned value for the
total_fee_bpsfield puts a risk on 3rd party integrations.Recommendation: Return
total_fee_bpsinstead ofmax_allowed_spread_bps.