Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Consider Adding Input Validation for Route Parameters

gaurav11018

Summary

The addRoute function accepts route parameters without validation. While protected by onlyManagement and Curve Router's own checks, adding basic validation could improve error reporting and management UX.

Vulnerability Details

function addRoute(
address[11] calldata _route,
uint256[5][5] calldata _swapParams,
address[5] calldata _pools
) external onlyManagement {
routes[nRoutes] = _route;
swapParams[nRoutes] = _swapParams;
pools[nRoutes] = _pools;
nRoutes++;
}

Impact

Low/Informational:

  • Invalid parameters will revert at swap time rather than route addition

  • Slightly worse UX for management when debugging route issues

Recommendation

function addRoute(
address[11] calldata _route,
uint256[5][5] calldata _swapParams,
address[5] calldata _pools
) external onlyManagement {
// Basic sanity checks for better error messages
require(_route[0] != address(0), "Invalid start token");
require(_pools[0] != address(0), "Invalid pool");
routes[nRoutes] = _route;
swapParams[nRoutes] = _swapParams;
pools[nRoutes] = _pools;
nRoutes++;
}
Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.