Liquidity Pool Deposit Accessibility

Summary

User with low liquidity can't participate the the Goat ecosystem.

Vulnerability Detail

Users with low liquidity face a barrier when attempting to deposit assets into the liquidity pool. To make a deposit, a user must provide a minimum amount of weth, equivalent to at least _pendingLiquidityFees + _pendingProtocolFees in the pool. However, the protocol currently requires a minimum withdrawal of _pendingProtocolFees of 0.1 ethers.

As of the time of this audit, the value of 0.1 ethers is approximately $400, with the potential to rise to $1000 in the foreseeable future.

Impact

Less user will use the protocol, and less liquidity will inflow in the Goat ecosystem.

Code Snippet

https://github.com/sherlock-audit/2024-03-goat-trading/blob/main/goat-trading/contracts/exchange/GoatV1Pair.sol#L114-L174

Proof of concept

In the mint() function, the calculation for the amount of weth deposited is as follows:

amountWeth = balanceEth - reserveEth - _pendingLiquidityFees - _pendingProtocolFees;

Where:

balanceEth: weth balance held by the contract
reserveEth: reserve of weth in the Pair contract
_pendingLiquidityFees: liquidity fees for users
_pendingProtocolsFees: protocol fees for the protocol

However, the minimum amount for the protocol to withdraw fees is set in the Factory contract as:

uint256 public minimumCollectableFees = 0.1 ether;

Tool used

Manual analysis

Recommendation

Lowering the minimumCollectableFees to a reasonable value would enhance accessibility for users with low liquidity, allowing them to deposit into the pool and potentially invest in the future of GoatFinance. Adjusting this parameter can facilitate broader participation and contribute to a more inclusive ecosystem.

sherlock-audit / 2024-03-goat-trading-judging

m4k2 - Liquidity Pool Deposit Accessibility #54