Inability to change the swap path may lead to users losing funds

[hats-bug-reporter[bot]]

Github username: -- Twitter username: -- Submission hash (on-chain): 0x988a385d6457f31958a4e8f8645509933627a735f03ce1c46d99b6217f505ba6 Severity: medium

Description: Description\

In the current implementation of StakingServiceBase, the path when swapping two tokens is hardcoded which means that it cannot be always the optimal one. And if it's not the optimal one, it may lead to the users losing funds.

Attack Scenario\

Let's say the user decided to calldepositETH. It calls internal depositETH where the swap is performed:

https://github.com/hats-finance/Convergence---Convex-integration-0xb3df23e155b74ad2b93777f58980d6727e8b40bb/blob/main/contracts/Staking/Convex/StakingServiceBase.sol#L704-713

   address[] memory path = new address[](2);
            path[0] = WETH;
            path[1] = _poolEthInfo.token;

The fact that it's basically hardcoded and not configurable could make the users lose money when swapping due to the change in efficiency between the pairs on Uniswap.

Recommendation

Consider making swap paths configurable.

[PlamenTSV]

The contracts do not strive for maximum efficiency and this would require multiple pools with multiple liquidities.

[rodiontr]

The contracts do not strive for maximum efficiency and this would require multiple pools with multiple liquidities.

if the protocol doesn't strive for maximum efficiency, what it strives for then?

[PlamenTSV]

To allow users to deposit ETH and get CVX for the maximum efficiency you are seeking you need multiple pools. Looking specifically at Uniswap since only it uses paths, the only stable liquidity pools are ETH, WETH, USDC, USDT, WBTC and DAI, all of which trade 1 CVX for 2.60$. Unnecessary change imo, the sponsor can review this suggestion.