DeFiFoundrySolidity
Submission Details
Severity: high
Invalid

Reentrancy vulnerability in claimAndSwap Function Allows Multiple Claims

Summary:

The claimAndSwap function in all of the protocol's strategy implementations (StrategyOp.sol, StrategyMainnet.sol, StrategyArb.sol) is vulnerable to reentrancy because it makes multiple external calls without proper protection, allowing a keeper to perform multiple claims and swaps within a single transaction.

Vulnerability Details:

The function makes three sequential external calls without reentrancy protection:

```solidity
function claimAndSwap(uint256 _amountClaim, uint256 _minOut, uint256 _routeNumber) external onlyKeepers {
    transmuter.claim(_amountClaim, address(this)); // External Call #1
    uint256 balBefore = asset.balanceOf(address(this));
    router.exchange(...); // External Call #2
    uint256 balAfter = asset.balanceOf(address(this));
    transmuter.deposit(asset.balanceOf(address(this)), address(this)); // External Call #3
}
```

A malicious keeper could:

  1. Call claimAndSwap with an initial amount

  2. Execute multiple claims before state updates

Impact:

The reentrancy vulnerability in claimAndSwap creates a severe risk to the protocol's assets and operations. A malicious keeper can exploit the unprotected external calls to execute multiple unauthorized claims and swaps within a single transaction, leading to direct fund losses. This vulnerability affects all three strategy implementations, putting the entire protocol's TVL at risk.

Tools Used:

  • Manual code review.

Recommendations:

  1. Implement OpenZeppelin's ReentrancyGuard
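
One way to apply that recommendation, as an added example that is not the protocol's own code: a cut-down strategy contract with OpenZeppelin's ReentrancyGuard on claimAndSwap, so any nested call back into the guarded function during the three external calls reverts. The ITransmuter and IRouter interfaces, the `underlying` token, the `keepers` mapping, the explicit `_minOut` check on the balance delta, and the OpenZeppelin v5 import path are all assumptions made for this illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Import path assumes OpenZeppelin Contracts v5 (v4 used security/ReentrancyGuard.sol).
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

// Hypothetical minimal interfaces; the real protocol's interfaces may differ.
interface ITransmuter {
    function claim(uint256 amount, address recipient) external;
    function deposit(uint256 amount, address owner) external;
}

interface IRouter {
    function exchange(uint256 routeNumber, uint256 amountIn, uint256 minOut) external returns (uint256);
}

contract StrategyHardened is ReentrancyGuard {
    IERC20 public immutable asset;          // token the strategy accounts in
    IERC20 public immutable underlying;     // token received from transmuter.claim (assumed)
    ITransmuter public immutable transmuter;
    IRouter public immutable router;
    mapping(address => bool) public keepers; // assumed keeper registry

    modifier onlyKeepers() {
        require(keepers[msg.sender], "!keeper");
        _;
    }

    constructor(IERC20 _asset, IERC20 _underlying, ITransmuter _transmuter, IRouter _router) {
        asset = _asset;
        underlying = _underlying;
        transmuter = _transmuter;
        router = _router;
        keepers[msg.sender] = true;
    }

    // nonReentrant sets a lock before the body runs and clears it after, so a
    // re-entrant call into this function while claim/exchange/deposit are in
    // flight reverts instead of performing a second claim or swap.
    function claimAndSwap(uint256 _amountClaim, uint256 _minOut, uint256 _routeNumber)
        external
        onlyKeepers
        nonReentrant
    {
        transmuter.claim(_amountClaim, address(this));
        uint256 balBefore = asset.balanceOf(address(this));
        underlying.approve(address(router), _amountClaim);
        router.exchange(_routeNumber, _amountClaim, _minOut);
        uint256 balAfter = asset.balanceOf(address(this));
        require(balAfter - balBefore >= _minOut, "slippage"); // assumed min-out check
        asset.approve(address(transmuter), balAfter);
        transmuter.deposit(balAfter, address(this));
    }
}
```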

Updates

Appeal created

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
