The hard-coded roerouter address is wrong, which causes all fee funds to be sent to the treasury instead of the vault.
This reduces the capital utilization rate: the fee should be added to the LP to earn interest, but because the vault address cannot be obtained, the funds sit idle in the treasury and cannot be utilized.
Proof of Concept
    address constant public treasury = 0x22Cc3f665ba4C898226353B672c5123c58751692;
    address constant roerouter = 0x22Cc3f665ba4C898226353B672c5123c58751692;
    address vault;
    // Call vault address in a try/catch structure as it's defined as a constant, not available in testing
    if (roerouter.code.length > 0) {
        try RoeRouter(roerouter).getVault(address(TOKEN0.token), address(TOKEN0.token)) returns (address _vault) {
            vault = _vault;
        }
        catch {}
    }
The roerouter constant is incorrectly set to the treasury address, so the correct vault address cannot be obtained.
Tools Used
Manual review
Recommended Mitigation Steps
According to the documentation, the correct address should be 0x5430A027CC128c7fcC2208Fd78E56Aa0EBF083F2
Lines of code
https://github.com/GoodEntry-io/ge/blob/c7c7de57902e11e66c8186d93c5bb511b53a45b8/contracts/TokenisableRange.sol#L63
Assessed type
Error
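A static check for the bug class in this finding, as an added example that is not part of the original report or the GoodEntry code base: it scans Solidity source for hard-coded address constants, reports names that share one literal, and compares each against a manifest of documented addresses. The function names, the regex and the manifest format are assumptions; the sample declarations are the ones quoted in the Proof of Concept and the expected value is the one given under Recommended Mitigation Steps.

```python
import re
from collections import defaultdict

# Matches e.g. `address constant public treasury = 0x22Cc...;` (modifier order varies).
DECL = re.compile(
    r"\baddress\s+(?:payable\s+)?"
    r"((?:(?:public|private|internal|constant|immutable)\s+)+)"
    r"(\w+)\s*=\s*(0x[0-9a-fA-F]{40})\s*;"
)

def address_constants(source):
    """Return {name: literal} for hard-coded address constants in Solidity source."""
    found = {}
    for mods, name, addr in DECL.findall(source):
        if "constant" in mods.split():
            found[name] = addr
    return found

def audit(source, expected=None):
    """Flag constants that share one literal and constants that differ from a manifest."""
    consts = address_constants(source)
    findings = []
    by_addr = defaultdict(list)
    for name, addr in consts.items():
        by_addr[addr.lower()].append(name)
    for addr, names in by_addr.items():
        if len(names) > 1:
            findings.append(("duplicate", tuple(sorted(names)), addr))
    for name, want in (expected or {}).items():
        got = consts.get(name)
        if got is not None and got.lower() != want.lower():
            findings.append(("mismatch", (name,), got.lower()))
    return findings

# The declarations quoted in the Proof of Concept.
SAMPLE = """
address constant public treasury = 0x22Cc3f665ba4C898226353B672c5123c58751692;
address constant roerouter = 0x22Cc3f665ba4C898226353B672c5123c58751692;
address vault;
"""
# Expected roerouter value as stated under Recommended Mitigation Steps.
EXPECTED = {"roerouter": "0x5430A027CC128c7fcC2208Fd78E56Aa0EBF083F2"}

if __name__ == "__main__":
    for kind, names, addr in audit(SAMPLE, EXPECTED):
        print(f"{kind}: {', '.join(names)} -> {addr}")
```

Run in CI against each contract with the deployment addresses from the documentation as the manifest, the check fails the build when a constant is pasted from a neighbouring line.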