Fees are not transferred to the woopool_quote.token_vault after the swap

Summary

Swap fees are only added to the unclaimed fees and not transferred to the associated quote_token_vault after the swap making them impossible to withdraw later.

Vulnerability Detail

Currently the swap fees are taken after the swap:

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L151-152

    let swap_fee = checked_mul_div_round_up(quote_amount, fee_rate as u128, ONE_E5_U128)?;
    quote_amount = quote_amount.checked_sub(swap_fee).unwrap();

Then they are added to the unclaimed fees and withdrawn from the reserve of the woopool.quote:

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/swap.rs#L192-194

 // record fee into account
    woopool_quote.sub_reserve(swap_fee).unwrap();
    woopool_quote.add_unclaimed_fee(swap_fee).unwrap();

The problem is that when the owner wants to claim fees, they are transferred from the token vault associated with the corresponding pool:

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/admin/claim_fee.rs#L48-54

    transfer_from_vault_to_owner(
        woopool,
        token_vault,
        claim_fee_to_account,
        &ctx.accounts.token_program,
        claim_amount as u64,
    )?;

But in the handler() function only the swap amounts are transferred from the vault and to the vault.

Impact

It'll not be possible to claim fees for the owner as they are not transferred to the quote token vault upon the swap.

Code Snippet

Provided above.

Tool used

Manual Review

Recommendation

Transfer the fees to the quote token vault after the swap.

sherlock-audit / 2024-08-woofi-solana-deployment-judging

Creamy Carrot Yeti - Fees are not transferred to the woopool_quote.token_vault after the swap #6