[Lines of code](https://github.com/code-423n4/2022-05-sturdy/blob/78f51a7a74ebe8adfd055bdbaedfddc05632566f/smart-contracts/YieldManager.sol#L124) # Vulnerability details ## Details & Impact All harvested yield tokens are swapped through the Uniswap adapter to USDC. While out of scope, the Uniswap adapter code is relevant here, as I note that the path taken for the swap would be assetFrom -> WETH -> assetTo unless assetFrom is already WETH. The main issue is the assumption and usage of the 1% fee pool regardless of asset. Those that are familiar with UniV3 will know that there are multiple pool tiers for the same asset pair. Hence, it is possible that there are other pools (Eg. the pool with 0.3% fee) where majority of the liquidity lies instead. Furthermore, it could be possible that the pool with 1% fee **isn’t** **created**. Thus, attempts to swap via the specified path will fail, breaking yield distribution. ## Examples ### WETH -> USDC The yield manager swaps yield tokens (CRV, CVX + any additional rewards) to WETH, then to USDC, which is then swapped for other stablecoins if needed. The WETH / USDC [1% fee pool]() has ~$10.25M liquidity while the [0.05% fee pool]() has ~$250M liquidity, thus causing yield rewards to lose out due to pool slippage. ### poolId 4: SUSD The SUSD pool (Convex booster pool id 4) distributes SNX as an extra reward. The SNX/ETH [0.3% fee pool has ~$1.78M liquidity]() while the [1% fee pool]() has merely ~$36k liquidity (see [Uniswap stats]()). ### rKP3R rKP3R is distributed as an extra reward for a number of pools. There isn’t a [rKP3R / ETH pool created](). ## Recommended Mitigation Steps Enable skipping conversion for some assets, and have a mapping of the pool fee as part of the customisable configuration so that pools with the best liquidity can be used. --- The text was updated successfully, but these errors were encountered: All reactions