elmutt
commented
1 year ago known issue. thanks
Open code423n4 opened 1 year ago
elmutt
commented
1 year ago known issue. thanks
d3e4
commented
1 year ago 
c4-judge
commented
1 year ago Picodes marked the issue as satisfactory
MITIGATION IS NOT CONFIRMED
MITIGATION IS NOT CONFIRMED
Mitigation of M-09: Issue not mitigated
Link to Issue: https://github.com/code-423n4/2023-03-asymmetry-findings/issues/673
Even though the contest repository (https://github.com/code-423n4/2023-05-asymmetry-mitigation-contest revision 431a4b751fb7e184b847a41509b97e4d67971d2f) doesn't mention a changeset for M-09, I assume the corresponding pull request is the following https://github.com/asymmetryfinance/smart-contracts/pull/228/files
Comments
Issue M-09 mentions that the current pool (Uniswap) used to swap rETH isn't ideal as it doesn't provide the best liquidity available. In the associated mitigation, Uniswap has been replaced to use RocketSwapRouter, as per the warden recommendation in the report for M-09.
The sponsor followed the recommendation in the report, however, the implementation has hardcoded the parameters that control swap portions for the different pools to use only Balancer. This is not ideal, as a large swap amount may benefit from splitting the operation through different pools. This is also mentioned in the original report by the author:
For a more detailed explanation, see my concerns expressed in MR for M-04 regarding how RocketSwapRouter has been implemented.