In some cases where the pair includes USDT, the feeToken in address priceQuoteToken = _getPriceQuoteToken(tokenIn, tokenOut); may be USDT. In this case, if fee > 0, the swap will fail due to the signature check on feeToken.mint
Vulnerability Detail
USDT does have a function called mint. This function is used to create new USDT tokens and transfer them to a specified address. The mint function can only be called by the owner of the USDT contract, which is Tether Limited
jprod15
medium
Swap could revert
Summary
In some cases where the pair includes USDT, the feeToken in address priceQuoteToken = _getPriceQuoteToken(tokenIn, tokenOut); may be USDT. In this case, if fee > 0, the swap will fail due to the signature check on feeToken.mint
Vulnerability Detail
USDT does have a function called mint. This function is used to create new USDT tokens and transfer them to a specified address. The mint function can only be called by the owner of the USDT contract, which is Tether Limited
Impact
swap will revert
Code Snippet
https://github.com/sherlock-audit/2023-04-unitasprotocol/blob/main/Unitas-Protocol/src/Unitas.sol#L230
Tool used
Manual Review
Recommendation
Check that the fee token is not USDT