Light ModeLight
Light ModeDark

One Bug Per Day

One H/M every day from top Wardens

Checkmark

Join over 1125 wardens!

Checkmark

Receive the email at any hour!

Ad

Panoptic pool can be non-profitable by specific Uniswap governance

mediumCode4rena

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L247-L251 https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L261-L263

Vulnerability details

Impact

Swap commission is paid on the intrinsic value based on s_ITMSpreadFee in CollateralTracker contract. If s_ITMSpreadFee is zero, then swap commission can not be paid.

Proof of Concept

solidity
    function startToken(
        bool underlyingIsToken0,
        address token0,
        address token1,
        uint24 fee,
        PanopticPool panopticPool
    ) external {
        
        __SNIP__
        // cache the pool fee in basis points
        uint24 _poolFee;
        unchecked {
            _poolFee = fee / 100; // @audit below fee 0.01%, then _poolFee = 0  
        }
        s_poolFee = _poolFee;

        ...

        __SNIP__        
        // Additional risk premium charged on intrinsic value of ITM positions
        unchecked {
            s_ITMSpreadFee = uint128((ITM_SPREAD_MULTIPLIER * _poolFee) / DECIMALS);
        }
    }

As you can see above code snippet, If fee(Uniswap fee) is below 100, then _poolFee and s_ITMSpreadFee can be zero. Currently, there are no such pools that have below 0.01% fee on the UniswapV3. But Uniswap fee level can be adjusted by the governance proposal like November 2021. Here is the mention about it in Uniswap Protocol. Uniswap v3 introduces multiple pools for each token pair, each with a different swapping fee. Liquidity providers may initially create pools at three fee levels: 0.05%, 0.30%, and 1%. More fee levels may be added by UNI governance, e.g. the 0.01% fee level added by this governance proposal in November 2021, as executed here. https://dune.com/jcarnes/The-StableSwap-Wars Competitions between Protocols like Uniswap and Carbon, more fee levels can be added in the future.

Indeed, there are several discussions on the less fee levels in stable coins pair. https://gov.bancor.network/t/custom-taker-fee-on-stable-to-stable-trades/4370

  • Carbon has a protocol wide fee of 20 BP (basis points).
  • This fee, while appropriate for volatile pairs - is not in line with the market when it comes to stable to stable trades.
  • For reference, Uniswap added a 1 BP fee option (0.01%) - in November 2021 (link)
  • This proposal seeks to take this one step further and introduce a fee of 0.001% on stable to stable trades. This is 1/10th of a single basis point.

If protocol fee is less than 100 (i.e fee < 0.01 %), then PanopticPool's swap commission can not be taken.

Tools Used

Manual review

Recommended Mitigation Steps

Use Uniswap's DECIMALS (1e6) instead 10_000 and update all code related to DECIMALS.

Assessed type

Uniswap

OneBugPerDay.com
To all the whitehats, we salute you

Legal

Advertise with usPrivacy PolicyTerms of ServiceCookie PolicyAcceptable Use

Unsubscribe

Unsubscribe from all emailsConfirm unsubscribe via code

Subscribe

Subscribe via formConfirm subscription via codeChange your Preferences
Made by Alex The EntreprenerdVulnerabilities database by TinTinWeb