search

code-423n4 / 2024-02-wise-lending-findings

11 stars 8 forks source link

Hardcoded uniswap v3 pool fee can not be the most profitable swap #218

Closed c4-bot-3 closed 5 months ago

c4-bot-3 commented 5 months ago

Lines of code

https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/PowerFarms/PendlePowerFarm/PendlePowerFarmLeverageLogic.sol#L278 https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/PowerFarms/PendlePowerFarm/PendlePowerFarmDeclarations.sol#L95

Vulnerability details

Impact

When someone enters or exits a power farm in Arbitrum chain, a swap between WETH and ENTRY_ASSET is executed:

        if (block.chainid == ARB_CHAIN_ID) {

            _depositAmount = _getTokensUniV3(
                _depositAmount,             // amountIn
                _getEthInTokens(
                        ENTRY_ASSET,
                        _depositAmount
                    )
                * reverseAllowedSpread
                / PRECISION_FACTOR_E18,     // amountOutMinimum
                WETH_ADDRESS,               // tokenIn
                ENTRY_ASSET                 // tokenOut
            );
        }

This function executes this swap in a uniswap pool with a hardcoded fee:

    // Uniswap fee for arbitrum
    uint24 internal constant UNISWAP_V3_FEE = 100;

    function _getTokensUniV3(
        uint256 _amountIn,
        uint256 _minOutAmount,
        address _tokenIn,
        address _tokenOut
    )
        internal
        returns (uint256)
    {
        return UNISWAP_V3_ROUTER.exactInputSingle(
            IUniswapV3.ExactInputSingleParams(
                {
                    tokenIn: _tokenIn,
                    tokenOut: _tokenOut,
                    fee: UNISWAP_V3_FEE,
                    recipient: address(this),
                    deadline: block.timestamp,
                    amountIn: _amountIn,
                    amountOutMinimum: _minOutAmount,
                    sqrtPriceLimitX96: 0
                }
            )
        );
    }

In this case, the uniswap fee is hardcoded to 100 which corresponds to a 0.01%.

Even though 0.01% seems the cheapest uniswap fee, it may not be the most profitable pool to execute the swap. This can be due to the pool not being intialized, or having low liquidity. Normally for pegged tokens like USDC/DAI the 0.01% fee pool should have enough liquidity to execute a swap and it will be the most profitable one. However, for different tokens the best pool/the best path to execute a swap may not be just as straightforward as choosing the lowest fee pool and executing the swap in there.

Tools Used

Manual review

Recommended Mitigation Steps

Adjusting the fee pool to execute the swaps should be done when creating the power farm knowing which token will be involved. Some research needs to be done to determine which fee pool can provide more outcome given the pool fee, the liquidity and impact that the swap will have into that pool.

It is also worth noting that for some tokens the best swap may be a path with intermediate tokens. For example stETH -> USDC, USDC -> WETH.

Assessed type

Uniswap

c4-pre-sort commented 5 months ago

GalloDaSballo marked the issue as insufficient quality report

c4-pre-sort commented 5 months ago

GalloDaSballo marked the issue as duplicate of #287

c4-judge commented 5 months ago

trust1995 marked the issue as unsatisfactory: Out of scope