Open hats-bug-reporter[bot] opened 5 months ago
The contracts do not strive for maximum efficiency and this would require multiple pools with multiple liquidities.
The contracts do not strive for maximum efficiency and this would require multiple pools with multiple liquidities.
if the protocol doesn't strive for maximum efficiency, what it strives for then?
To allow users to deposit ETH and get CVX for the maximum efficiency you are seeking you need multiple pools. Looking specifically at Uniswap since only it uses paths, the only stable liquidity pools are ETH, WETH, USDC, USDT, WBTC and DAI, all of which trade 1 CVX for 2.60$. Unnecessary change imo, the sponsor can review this suggestion.
Github username: -- Twitter username: -- Submission hash (on-chain): 0x988a385d6457f31958a4e8f8645509933627a735f03ce1c46d99b6217f505ba6 Severity: medium
Description: Description\
In the current implementation of
StakingServiceBase
, the path when swapping two tokens is hardcoded which means that it cannot be always the optimal one. And if it's not the optimal one, it may lead to the users losing funds.Attack Scenario\
Let's say the user decided to call
depositETH
. It calls internaldepositETH
where the swap is performed:https://github.com/hats-finance/Convergence---Convex-integration-0xb3df23e155b74ad2b93777f58980d6727e8b40bb/blob/main/contracts/Staking/Convex/StakingServiceBase.sol#L704-713
The fact that it's basically hardcoded and not configurable could make the users lose money when swapping due to the change in efficiency between the pairs on Uniswap.
Recommendation
Consider making swap paths configurable.