The reserve checks for the swap fee are only performed when woopool_from.token_mint != woopool_from.quote_token_mint.
Vulnerability Detail
When swapping from a base token to the quote token, the fee is deducted from the quote amount, and the protocol needs to ensure that the quote pool has enough reserve to cover the fee.
However, when swapping from the quote token to a base token, the fee is also deducted from the quote amount, but the reserve check is not performed in this case.
This inconsistency could lead to situations where the protocol cannot cover the fee from its reserves.
Zesty Sage Tapir
Medium
Inconsistent Reserve Checks for Fee Deduction
Summary
The reserve checks for the swap fee are only performed when
woopool_from.token_mint != woopool_from.quote_token_mint.Vulnerability Detail
Impact
Code Snippet
https://github.com/sherlock-audit/2024-08-woofi-solana-deployment/blob/main/WOOFi_Solana/programs/woofi/src/instructions/query.rs#L118
Tool used
Manual Review
Recommendation
Perform the reserve check for the swap fee regardless of the token being swapped from or to.