search

sherlock-audit / 2024-08-woofi-solana-deployment-judging

2 stars 2 forks source link

Albort - Incorrect Fee Rate Selection #76

Open sherlock-admin3 opened 1 month ago

sherlock-admin3 commented 1 month ago

Albort

Medium

Incorrect Fee Rate Selection

Summary

The logic for selecting the fee_rate may not accurately reflect the intended fee structure, especially when swapping between base tokens and quote tokens.

Vulnerability Detail

When swapping from the quote token to a base token, the fee rate should typically be taken from the pool associated with the base token being received. When swapping from a base token to the quote token, the fee rate should come from the pool of the base token being sold. The current logic may apply the wrong fee rate or an inconsistent fee rate, especially when swapping between two base tokens.

Impact

Code Snippet

https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/query.rs#L86

Tool used

Manual Review

Recommendation

toprince commented 1 month ago

Not valid. Swap fee is in quote token.