Summary
In contract StrategyArb.sol, StrategyMainnet.sol function _harvestAndReport has wrong Implementation . If Condition statement is not doing anything that random behaviour of the EVM.
Vulnerability Details
This issue is classified as a Medium Severity finding due to the potential random behavior of the EVM.
In the StrategyArb.sol:156,StrategyMainnet.sol:180 contract, the function _harvestAndReport has if condition that does not do anything if condition is True it always stuck in that condition and have random behavior of EVM.
https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyArb.sol#L156
https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyMainnet.sol#L180
function _harvestAndReport()
internal
override
returns (uint256 _totalAssets)
{
uint256 claimable = transmuter.getClaimableBalance(address(this));
@> if (claimable > 0) {
}
uint256 unexchanged = transmuter.getUnexchangedBalance(address(this));
uint256 underlyingBalance = underlying.balanceOf(address(this));
_totalAssets = unexchanged + asset.balanceOf(address(this)) + underlyingBalance;
}
Impact
Gas Wastage
Random Behavior of EVM
Stuck or "Frozen" State
Tools Used
Manual Review
Recommendations
function _harvestAndReport()
internal
override
returns (uint256 _totalAssets)
{
uint256 claimable = transmuter.getClaimableBalance(address(this));
- if (claimable > 0) {
// transmuter.claim(claimable, address(this));
- }
// NOTE : we can do this in harvest or can do seperately in tend
// if (underlying.balanceOf(address(this)) > 0) {
// _swapUnderlyingToAsset(underlying.balanceOf(address(this)));
// }
uint256 unexchanged = transmuter.getUnexchangedBalance(address(this));
// NOTE : possible some dormant WETH that isn't swapped yet
uint256 underlyingBalance = underlying.balanceOf(address(this));
_totalAssets = unexchanged + asset.balanceOf(address(this)) + underlyingBalance;
}
