User gets unnecessary reward when baseToken and quoteToken are same. (Reward Farming) leading to loss for beneficiary

Summary

User gets the reward when both the baseToken and rewardToken are same, which should be not allowed which is unnecessary reward farming.

Vulnerability Detail

As in the following line we can see that same base token and quote token can be swapped as oracle give price as: https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-oracle/src/UniV3OracleImpl.sol#L258-L260

This should not be allowed or allowed on edge cases only.

For example, a swapper may have multiple tokens including the beneficiaryToken, user can unnecessarliy swap the beneficiary token for the reward which would have been flushed with other tokens anyways.

Uniswap and other big protocols also donot allow swapping of the same tokens.

Impact

Reward farming, and unecessary loss for the beneficiary

Code Snippet

https://github.com/sherlock-audit/2023-04-splits/blob/main/splits-swapper/src/SwapperImpl.sol#L257-L281

Tool used

Manual Review

Recommendation

Do not allow the swapping of similar token, only allow it when it is absolutely necessary for example when there is no other erc20 token in the system. Better add a separate callable function to send the received beneficiary token directly with out swapping and reward.

Also overriding each time is also not viable solution.

Duplicate of #104

sherlock-audit / 2023-04-splits-judging

0xnirlin - User gets unnecessary reward when baseToken and quoteToken are same. (Reward Farming) leading to loss for beneficiary #144