UniV3OracleImpl doesn't have ability to pause swapping specific token
Summary
UniV3OracleImpl doesn't have ability to pause swapping specific token
Vulnerability Detail
When a pair is added to UniV3OracleImpl contract, then it's saved to $_pairOverrides variable. This variable contains information about swapping one currency to another. Later this information is queried by SwapperImpl contract in order to receive quote amount. In case if no inforamtion were stored to the $_pairOverrides, then default fee, period and discount are set. In case if uniswap has such pool, then trade is possible, even if $_pairOverrides doesn't contain information.
The problem is that currently owner of oracle doesn't have ability to disallow swapping of specific token/pair. Because of that user can't control some situations.
For example SwapperImpl have a lot of usdc and it's price has decreased. So anyone is interested to swap it for a good price. But SwapperImpl owner believes that this is temporal issue and the price will be better in some time, so he doesn't want to loose much on such trade. And he decides to temporarily freeze usdc swapping, but he can't as UniV3OracleImpl doesn't provide such ability and trade is possible when pool exists.
Impact
UniV3OracleImpl owner doesn't have ability to pause swapping specific token which can cost money for him
rvierdiiev
medium
UniV3OracleImpl doesn't have ability to pause swapping specific token
Summary
UniV3OracleImpl doesn't have ability to pause swapping specific token
Vulnerability Detail
When a pair is added to
UniV3OracleImplcontract, then it's saved to$_pairOverridesvariable. This variable contains information about swapping one currency to another. Later this information is queried bySwapperImplcontract in order to receive quote amount. In case if no inforamtion were stored to the$_pairOverrides, then default fee, period and discount are set. In case if uniswap has such pool, then trade is possible, even if$_pairOverridesdoesn't contain information.The problem is that currently owner of oracle doesn't have ability to disallow swapping of specific token/pair. Because of that user can't control some situations. For example
SwapperImplhave a lot of usdc and it's price has decreased. So anyone is interested to swap it for a good price. ButSwapperImplowner believes that this is temporal issue and the price will be better in some time, so he doesn't want to loose much on such trade. And he decides to temporarily freeze usdc swapping, but he can't as UniV3OracleImpl doesn't provide such ability and trade is possible when pool exists.Impact
UniV3OracleImpl owner doesn't have ability to pause swapping specific token which can cost money for him
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L238-L241
Tool used
Manual Review
Recommendation
Add ability to not swap specific tokens.