code-423n4 / 2024-02-wise-lending-findings


Hardcoded Uniswap V3 fee for Arbitrum #287

Closed c4-bot-1 closed 6 months ago

c4-bot-1 commented 6 months ago

Lines of code

https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/PowerFarms/PendlePowerFarm/PendlePowerFarmDeclarations.sol#L95

https://github.com/code-423n4/2024-02-wise-lending/blob/main/contracts/PowerFarms/PendlePowerFarm/PendlePowerFarmLeverageLogic.sol#L278

Vulnerability details

Uniswap V3 offers 4 different fee tiers (0,01%, 0,05%, 0,3%, 1%). The hardcoded value used to call exactInputSingle, when the chain is Arbitrum, assumes that a pool with a fee tier of 0,01 either exists or has enough liquidity. This is not the ideal case as anybody can initialize these pools at the different fee tiers.

Impact

In case the pool is not initialized for the hardcoded fee tier, an attacker could deploy and initialize the pool with a manipulated price.

Proof of Concept

Tools Used

Manual review

Recommended Mitigation Steps

  1. Don't use a hardcoded value for the fee tier and check if the pair actually exists before using that particular fee.
  2. Check that the _depositAmount is not zero before executing other functions.

Assessed type

DoS
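The two recommended checks above, sketched as an added example; this is not code from the report or from the Wise Lending repository. `FeeTierGuard`, `checkedFee` and `MIN_LIQUIDITY` are hypothetical names, and the two interfaces are minimal subsets of the Uniswap V3 core interfaces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal subsets of the Uniswap V3 core interfaces.
interface IUniswapV3Factory {
    function getPool(address tokenA, address tokenB, uint24 fee)
        external view returns (address pool);
}

interface IUniswapV3Pool {
    // Liquidity currently in range at the pool's active tick.
    function liquidity() external view returns (uint128);
}

// Hypothetical guard; names and the liquidity floor are assumptions.
contract FeeTierGuard {
    error ZeroAmount();
    error PoolDoesNotExist(uint24 fee);
    error InsufficientLiquidity(uint24 fee, uint128 available);

    IUniswapV3Factory public immutable FACTORY;
    // Assumption: floor chosen per deployment. It must be non-zero so that a
    // pool that was created but never funded is rejected as well.
    uint128 public immutable MIN_LIQUIDITY;

    constructor(address _factory, uint128 _minLiquidity) {
        require(_factory != address(0) && _minLiquidity > 0, "bad config");
        FACTORY = IUniswapV3Factory(_factory);
        MIN_LIQUIDITY = _minLiquidity;
    }

    // Returns _fee only if a pool for that tier exists and holds at least
    // MIN_LIQUIDITY in range; reverts otherwise. Intended to be called
    // before the fee is passed to exactInputSingle.
    function checkedFee(
        address _tokenIn,
        address _tokenOut,
        uint24 _fee,
        uint256 _depositAmount
    ) external view returns (uint24) {
        if (_depositAmount == 0) revert ZeroAmount();
        address pool = FACTORY.getPool(_tokenIn, _tokenOut, _fee);
        if (pool == address(0)) revert PoolDoesNotExist(_fee);
        uint128 inRange = IUniswapV3Pool(pool).liquidity();
        if (inRange < MIN_LIQUIDITY) revert InsufficientLiquidity(_fee, inRange);
        return _fee;
    }
}
```

The liquidity reading is a spot value and only a coarse filter; it complements, and does not replace, a minimum-output bound on the swap itself.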

vm06007 commented 6 months ago

This is OOS (out of scope) because it was already discussed during HatsFinance competitions. Can be dismissed.

c4-pre-sort commented 6 months ago

GalloDaSballo marked the issue as insufficient quality report

c4-pre-sort commented 6 months ago

GalloDaSballo marked the issue as primary issue

trust1995 commented 6 months ago

Hats submission ID - 0x543f9debbd742bf09ed95cedadde1c832441d9976e18cb6e096827c0eb584b68

c4-judge commented 6 months ago

trust1995 marked the issue as unsatisfactory: Out of scope