UniswapV3Swapper using a single hardcoded fee tier makes swaps highly likely to be suboptimal
medium
Lines of code
https://github.com/Tapioca-DAO/tapioca-yieldbox-strategies-audit/blob/05ba7108a83c66dada98bc5bc75cf18004f2a49b/contracts/stargate/StargateSwapperV3.sol#L94-L104
https://github.com/Tapioca-DAO/tapioca-periph-audit/blob/023751a4e987cf7c203ab25d3abba58f7344f213/contracts/Swapper/UniswapV3Swapper.sol#L180-L192
Vulnerability details
Impact
The UniswapV3Swapper (both the Stargate variant and the generic one) uses a hardcoded poolFee instead of checking on-chain which fee tier actually holds the liquidity for the pair being swapped.
```solidity
ISwapRouter.ExactInputSingleParams memory params = ISwapRouter
    .ExactInputSingleParams({
        tokenIn: tokenIn,
        tokenOut: tokenOut,
        fee: poolFee, /// @audit MED - Pool Fee hardcoded exposes Swaps to suboptimal routes in most cases
        recipient: swapData.yieldBoxData.depositToYb ? address(this) : to,
        deadline: deadline,
        amountIn: amountIn,
        amountOutMinimum: amountOutMin,
        sqrtPriceLimitX96: 0
    });
```
Liquidity and price change over time, and the fee tier where a pair's liquidity concentrates is specific to that pair.
For highly liquid pairs such as WETH/wBTC, the low fee tiers are best, while for more exotic pairs such as CRV or AAVE, liquidity providers typically only deploy at the higher fee tiers.
Limiting the swapper to a single fee tier therefore routes many swaps through a thin or non-existent pool, causing significant price impact (and a correspondingly worse fill against amountOutMin) on each swap.
Examples
By checking info.uniswap.org for WETH:
https://info.uniswap.org/#/tokens/0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2
We can see that USDC/ETH has most of its liquidity in the 5 BPS fee tier, while wBTC/ETH has its highest liquidity in its 30 BPS fee tier.
Even looking at Stargate, we can see that it uses a 1% fee for USDC/STG and a 30 BPS fee for STG/ETH.
Mitigation
Add an extra check to find the most liquid fee tier for the pair before building the swap params: query the factory for the pool at each enabled fee tier and compare each pool's in-range liquidity via IUniswapV3Pool.liquidity() (slot0 only exposes price and tick, not liquidity). This is sufficient in most cases; since in-range liquidity is a spot value that can be moved within a block, amountOutMin must still be derived from an independent quote rather than from the chosen pool alone. Alternatively, let the caller pass the fee tier as a swap parameter chosen off-chain.
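The fee-tier selection described above, as an added example rather than code from the Tapioca repositories. The FeeTierSelector contract and its bestFeeTier function are hypothetical names; the two interface fragments mirror the real IUniswapV3Factory.getPool and IUniswapV3Pool.liquidity signatures, and the tier list assumes the four tiers enabled on the mainnet factory (1, 5, 30 and 100 bps).

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal subsets of the Uniswap V3 core interfaces (the canonical
// definitions live in @uniswap/v3-core/contracts/interfaces/).
interface IUniswapV3Factory {
    // Order of tokenA/tokenB does not matter; returns address(0) if no pool exists for the tier.
    function getPool(address tokenA, address tokenB, uint24 fee)
        external view returns (address pool);
}

interface IUniswapV3Pool {
    // In-range liquidity at the current tick, i.e. what the next swap actually trades against.
    function liquidity() external view returns (uint128);
}

/// @notice Hypothetical helper (not part of the Tapioca code base) that picks the
///         fee tier whose pool currently has the deepest in-range liquidity.
contract FeeTierSelector {
    IUniswapV3Factory public immutable factory;

    constructor(IUniswapV3Factory _factory) {
        factory = _factory;
    }

    /// @dev Assumed tier set: the four tiers enabled on the mainnet factory.
    function _feeTiers() internal pure returns (uint24[4] memory tiers) {
        tiers = [uint24(100), 500, 3000, 10000];
    }

    /// @return fee  the tier to pass as ExactInputSingleParams.fee
    /// @return pool the pool backing that tier
    /// @return liq  that pool's in-range liquidity at call time
    function bestFeeTier(address tokenIn, address tokenOut)
        public
        view
        returns (uint24 fee, address pool, uint128 liq)
    {
        uint24[4] memory tiers = _feeTiers();
        for (uint256 i = 0; i < tiers.length; i++) {
            address candidate = factory.getPool(tokenIn, tokenOut, tiers[i]);
            if (candidate == address(0)) continue; // tier never deployed for this pair

            uint128 candidateLiq = IUniswapV3Pool(candidate).liquidity();
            if (candidateLiq > liq) {
                fee = tiers[i];
                pool = candidate;
                liq = candidateLiq;
            }
        }
        // Revert instead of silently routing through an empty pool.
        require(pool != address(0) && liq > 0, "FeeTierSelector: no liquid pool");
    }
}
```

In the swapper this replaces the hardcoded tier: `(uint24 fee, , ) = selector.bestFeeTier(tokenIn, tokenOut);` and then `fee: fee` in the ExactInputSingleParams struct. Because liquidity() reports the spot in-range figure, which anyone can inflate for a single block by minting a narrow position around the current tick, the selector should only choose the route; the slippage bound amountOutMinimum must still come from a quote or oracle that does not depend on the selected pool.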
Additional Resources
Check my submission here: https://github.com/sherlock-audit/2023-04-splits-judging/blob/15ed1328bed52511a772aeb1a8607db1bcf11163/001-H/103.md
Assessed type
Oracle
