Skip to content
This repository has been archived by the owner on May 26, 2023. It is now read-only.

kenzo - Lending on Swivel: protocol fees not taken when remainder of underlying is swapped in YieldPool #45

Open
sherlock-admin opened this issue Nov 10, 2022 · 1 comment
Open

kenzo - Lending on Swivel: protocol fees not taken when remainder of underlying is swapped in YieldPool #45

sherlock-admin opened this issue Nov 10, 2022 · 1 comment
Labels
Has Duplicates Medium Sponsor Confirmed Will Fix

Comments

@sherlock-admin
Copy link
Contributor

kenzo

medium

Lending on Swivel: protocol fees not taken when remainder of underlying is swapped in YieldPool

Summary

The lend function for Swivel allows swapping the remainder underlying on Yield.
But it does not take protocol fees on this amount.

Vulnerability Detail

When executing orders on Swivel,
if the user has set e==true and there is remaining underlying,
the lending function will swap these funds using YieldPool.
But it does not take the protocol fees on that amount.

Impact

Some protocol fees will be lost.
Users may even use this function to trade on the YieldPool without incurring protocol fees.
While I think it can be rightfully said that at that point they can just straight away trade on the YieldPool without incurring fees, that can also be said about the general Illuminate/Yield lend function, which swaps on the YieldPool and does extract fees.

Code Snippet

In Swivel's lend function,
if the user has set e to true,
the following block will be executed.
Note that no fees are extracted from the raw balance.

                if (e) {
                    // Calculate the premium
                    uint256 premium = IERC20(u).balanceOf(address(this)) - starting;
                    // Swap the premium for Illuminate principal tokens
                    swivelLendPremium(u, m, y, premium, premiumSlippage);
                }

swivelLendPremium being:

        // Lend remaining funds to Illuminate's Yield Space Pool
        uint256 swapped = yield(u, y, p, address(this), IMarketPlace(marketPlace).token(u, m, 0), slippageTolerance);
        // Mint the remaining tokens
        IERC5095(principalToken(u, m)).authMint(msg.sender, swapped);

And yield doesn't take protocol fees either. So the fees are lost from the premium.

Tool used

Manual Review

Recommendation

In the if(e) block of Swivel's lend, extract the protocol fee from premium.
This was referenced Nov 11, 2022
Closed
Closed
Open
@sourabhmarathe
Copy link

https://github.com/Swivel-Finance/illumigrate/pull/233

@github-actions github-actions bot mentioned this issue Jan 16, 2023
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Has Duplicates Medium Sponsor Confirmed Will Fix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sourabhmarathe @hrishibhat @Evert0x @sherlock-admin