This should not be allowed or allowed on edge cases only.
For example, a swapper may have multiple tokens including the beneficiaryToken, user can unnecessarliy swap the beneficiary token for the reward which would have been flushed with other tokens anyways.
Uniswap and other big protocols also donot allow swapping of the same tokens.
Impact
Reward farming, and unecessary loss for the beneficiary
Do not allow the swapping of similar token, only allow it when it is absolutely necessary for example when there is no other erc20 token in the system.
Better add a separate callable function to send the received beneficiary token directly with out swapping and reward.
Also overriding each time is also not viable solution.
0xnirlin
medium
User gets unnecessary reward when baseToken and quoteToken are same. (Reward Farming) leading to loss for beneficiary
Summary
User gets the reward when both the baseToken and rewardToken are same, which should be not allowed which is unnecessary reward farming.
Vulnerability Detail
As in the following line we can see that same base token and quote token can be swapped as oracle give price as: https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L258-L260
This should not be allowed or allowed on edge cases only.
For example, a swapper may have multiple tokens including the beneficiaryToken, user can unnecessarliy swap the beneficiary token for the reward which would have been flushed with other tokens anyways.
Uniswap and other big protocols also donot allow swapping of the same tokens.
Impact
Reward farming, and unecessary loss for the beneficiary
Code Snippet
https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L257-L281
Tool used
Manual Review
Recommendation
Do not allow the swapping of similar token, only allow it when it is absolutely necessary for example when there is no other erc20 token in the system. Better add a separate callable function to send the received beneficiary token directly with out swapping and reward.
Also overriding each time is also not viable solution.
Duplicate of #104