This repository has been archived by the owner on May 26, 2023. It is now read-only.
Lending on Swivel: protocol fees not taken when remainder of underlying is swapped in YieldPool
Summary
The lend function for Swivel allows swapping the remainder underlying on Yield.
But it does not take protocol fees on this amount.
Vulnerability Detail
When executing orders on Swivel,
if the user has set e==true and there is remaining underlying,
the lending function will swap these funds using YieldPool.
But it does not take the protocol fees on that amount.
Impact
Some protocol fees will be lost.
Users may even use this function to trade on the YieldPool without incurring protocol fees.
While I think it can be rightfully said that at that point they can just straight away trade on the YieldPool without incurring fees, that can also be said about the general Illuminate/Yield lend function, which swaps on the YieldPool and does extract fees.
Code Snippet
In Swivel's lend function,
if the user has set e to true,
the following block will be executed.
Note that no fees are extracted from the raw balance.
```solidity
if (e) {
    // Calculate the premium
    uint256 premium = IERC20(u).balanceOf(address(this)) - starting;

    // Swap the premium for Illuminate principal tokens
    swivelLendPremium(u, m, y, premium, premiumSlippage);
}
```
swivelLendPremium being:
```solidity
// Lend remaining funds to Illuminate's Yield Space Pool
uint256 swapped = yield(u, y, p, address(this), IMarketPlace(marketPlace).token(u, m, 0), slippageTolerance);

// Mint the remaining tokens
IERC5095(principalToken(u, m)).authMint(msg.sender, swapped);
```
And yield doesn't take protocol fees either. So the fees are lost from the premium.
Tool used
Manual Review
Recommendation
In the if(e) block of Swivel's lend, extract the protocol fee from premium.
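One way the recommendation could look, as an added sketch that is not Illuminate's code and not part of the original report: the protocol fee is booked from the premium before the remainder is handed to the swap. The contract name, `feenominator`, `fees`, both function names and the divisor-style fee model are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.16;

// Added illustration only. All names below are hypothetical and the
// fee model (fee = amount / feenominator) is an assumption.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

contract PremiumFeeExample {
    // Fee divisor, e.g. 1000 means a 0.1% fee (assumed model)
    uint256 public immutable feenominator;

    // Protocol fees accrued per underlying token, withdrawable by an admin elsewhere
    mapping(address => uint256) public fees;

    constructor(uint256 f) {
        require(f != 0, "feenominator is zero");
        feenominator = f;
    }

    /// Behaviour described in the report: the whole balance delta is
    /// treated as premium and swapped, so no fee is ever recorded for it.
    function premiumNoFee(address u, uint256 starting) public view returns (uint256) {
        // Checked arithmetic (0.8+): reverts if the balance fell below `starting`
        return IERC20(u).balanceOf(address(this)) - starting;
    }

    /// Hardened variant: record the fee first, return only the net amount
    /// that should be passed on to the premium swap.
    function premiumAfterFee(address u, uint256 starting) public returns (uint256 net) {
        uint256 premium = IERC20(u).balanceOf(address(this)) - starting;

        // Integer division: a premium smaller than `feenominator` yields a
        // zero fee, so dust-sized premiums still pass through untaxed.
        uint256 fee = premium / feenominator;
        fees[u] += fee;

        // The fee stays in the contract; only the remainder is swapped
        net = premium - fee;
    }
}
```

In the `if (e)` block this would mean passing the net amount, rather than the raw `premium`, to `swivelLendPremium`.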
kenzo
medium