Handle

0xsanson

Vulnerability details

Impact

In HybridPool’s flashSwap function there’s a transfer to barFeeTo

_transfer(tokenIn, fee, barFeeTo, false);

Here fee = (amountIn * swapFee) / MAX_FEE is the total swap fee. However it should transfer out only a fraction of it (barFee/MAX_FEE) otherwise liquidity providers wouldn’t get any reward.

Recommended Mitigation Steps

Calculate the appropriate fee to send to the barFeeTo.

The text was updated successfully, but these errors were encountered:

All reactions