code-423n4 / 2023-03-asymmetry-findings


Hardcoded uniswap fee #942

Open code423n4 opened 1 year ago

code423n4 commented 1 year ago

Lines of code

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/Reth.sol#L180
https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/Reth.sol#L83-L102

Vulnerability details

Impact

Hardcoding the Uniswap fee can reduce the possibilities significantly and will lead to non-optimal routes.

The current implementation can create a loss of revenue due to the hardcoded Uniswap fee.

Proof of Concept

Usage of Uniswap and hardcoding of the fee in Reth.sol.

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/Reth.sol#L180

https://github.com/code-423n4/2023-03-asymmetry/blob/main/contracts/SafEth/derivatives/Reth.sol#L83-L102

Tools Used

Manual review.

Recommended Mitigation Steps

Consider allowing the fee to be passed as a function parameter. Also, since these are onlyAdmin functions, adding the possibility of swaps through an aggregator like 1inch or ParaSwap could be beneficial.
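A hypothetical contract, added here as an illustration and not Reth.sol's or the project's code, showing the mitigation the finding recommends: the Uniswap V3 fee tier arrives as a function parameter, is checked against the tiers that actually exist, and the swap is bounded by a minimum output and a deadline. The ISwapRouter subset is Uniswap V3's real periphery interface; FeeParamSwapper and its function names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Minimal subset of Uniswap V3's ISwapRouter, declared inline so the file compiles on its own.
interface ISwapRouter {
    struct ExactInputSingleParams {
        address tokenIn;
        address tokenOut;
        uint24 fee;
        address recipient;
        uint256 deadline;
        uint256 amountIn;
        uint256 amountOutMinimum;
        uint160 sqrtPriceLimitX96;
    }
    function exactInputSingle(ExactInputSingleParams calldata p) external payable returns (uint256);
}

// Hypothetical swapper, not Reth.sol. The pattern the finding objects to would be a single
//     uint24 private constant POOL_FEE = 500;
// used in every swap: only the 0.05% pool is ever reachable, even when another tier quotes better.
contract FeeParamSwapper {
    address public immutable admin;
    ISwapRouter public immutable router;

    constructor(ISwapRouter _router) {
        admin = msg.sender;
        router = _router;
    }
    modifier onlyAdmin() {
        require(msg.sender == admin, "not admin");
        _;
    }
    // Only the fee tiers Uniswap V3 actually deploys (0.01%, 0.05%, 0.3%, 1%); any other value
    // addresses a pool that cannot exist, so reject it before reaching the router.
    function isValidFeeTier(uint24 fee) public pure returns (bool) {
        return fee == 100 || fee == 500 || fee == 3000 || fee == 10000;
    }
    // The admin picks the tier per call after quoting the candidate pools off-chain; minOut bounds
    // slippage and deadline bounds mempool exposure. Approval of amountIn to the router is assumed.
    function swap(address tokenIn, address tokenOut, uint24 fee, uint256 amountIn,
                  uint256 minOut, uint256 deadline) external onlyAdmin returns (uint256) {
        require(isValidFeeTier(fee), "unsupported fee tier");
        return router.exactInputSingle(ISwapRouter.ExactInputSingleParams({
            tokenIn: tokenIn, tokenOut: tokenOut, fee: fee, recipient: address(this),
            deadline: deadline, amountIn: amountIn, amountOutMinimum: minOut, sqrtPriceLimitX96: 0
        }));
    }
}
```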

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as low quality report

c4-pre-sort commented 1 year ago

0xSorryNotSorry marked the issue as duplicate of #916

c4-judge commented 1 year ago

Picodes changed the severity to QA (Quality Assurance)