primitivefinance / portfolio

Here we treat _state.fee as if it were bounded above by 10000.

Lines 376 to 377 in ef7d189

    
           iteration.feeAmount = 
        
               ((iteration.remainder > maxInput ? maxInput : iteration.remainder) * _state.fee) / 10_000;

When creating a pool however, you can set its fee/priority fee to an arbitrary uint16 , i.e. fee <= 65535.

portfolio/contracts/Portfolio.sol

Lines 526 to 536 in ef7d189

    
           function _createPool( 
        
               uint24 pairId, 
        
               address controller, 
        
               uint16 priorityFee, 
        
               uint16 fee, 
        
               uint16 volatility, 
        
               uint16 duration, 
        
               uint16 jit, 
        
               uint128 maxPrice, 
        
               uint128 price 
        
           ) internal returns (uint64 poolId) {

You can trace this up to the external function multiprocess with no input validation on it. It's then possible to create pools with fees in excess of 100% which will then revert on any swap.

Ah, I see we do this after the fact here.

	iteration.feeAmount =
	((iteration.remainder > maxInput ? maxInput : iteration.remainder) * _state.fee) / 10_000;

	function _createPool(
	uint24 pairId,
	address controller,
	uint16 priorityFee,
	uint16 fee,
	uint16 volatility,
	uint16 duration,
	uint16 jit,
	uint128 maxPrice,
	uint128 price
	) internal returns (uint64 poolId) {

Pool fees can be set to be greater than 100%