Skip to content

Latest commit

 

History

History
59 lines (41 loc) · 1.91 KB

060.md

File metadata and controls

59 lines (41 loc) · 1.91 KB

Brave Saffron Rooster

High

Only part of protocol fees are calculated when setProtocolFee is updated.

Summary

Only part of protocol fees are calculated when setProtocolFee is updated.

Root Cause

In AutoCompoundingPodLp.sol, when setProtocolFee is updated, the _processRewardsToPodLp is called to collect protocol fees.

https://github.com/sherlock-audit/2025-01-peapods-finance/blob/main/contracts/contracts/AutoCompoundingPodLp.sol#L468-L474

        function setProtocolFee(uint16 _newFee, uint256 _lpMinOut, uint256 _deadline) external onlyOwner {
        require(_newFee <= 1000, "MAX");
@>  _processRewardsToPodLp(_lpMinOut, _deadline);
        uint16 _oldFee = protocolFee;
        protocolFee = _newFee;
        emit SetProtocolFee(_oldFee, _newFee);
    }

However, in _processRewardsToPodLp, only maxSwap[_token] of the token is swapped to the paired token, and the protocol fee is applied only to this amount. I believe the old protocol fee should be applied to the entire amount of _token to process LP Tokens. https://github.com/sherlock-audit/2025-01-peapods-finance/blob/main/contracts/contracts/AutoCompoundingPodLp.sol#L249-L256

    function _tokenToPairedLpToken(address _token, uint256 _amountIn) internal returns (uint256 _amountOut) {
        address _pairedLpToken = pod.PAIRED_LP_TOKEN();
        address _swapOutputTkn = _pairedLpToken;
        if (_token == _pairedLpToken) {
            return _amountIn;
@>   } else if (maxSwap[_token] > 0 && _amountIn > maxSwap[_token]) {
@>       _amountIn = maxSwap[_token];
        }

Internal Pre-conditions

No response

External Pre-conditions

No response

Attack Path

No response

Impact

Applying the old protocol fee to only part of the amount of reward tokens may result in a loss or increase in LP Tokens.

PoC

No response

Mitigation

Please apply the protocol fee to all reward tokens