Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Getter Functions not used: Redundant external calls in StrategyArb.sol

hi_there

Summary

The contract is making unnecessary external calls to fetch data, even though internal getter functions are available. This results in higher gas costs and potential security risks. The issue needs optimization to ensure internal getters are used whenever possible.

Vulnerability Details

StrategyArb.sol::_freeFunds();

function _freeFunds(uint256 _amount) internal override {

// External call here,

- uint256 totalAvailabe = transmuter.getUnexchangedBalance(address(this));

+ uint256 totalAvailable = unexchangedBalance();

if (_amount > totalAvailable) {

transmuter.withdraw(totalAvailable, address(this));

} else {

transmuter.withdraw(_amount, address(this));

}

StrategyArb::balanceDeployed()

function balanceDeployed() public view returns (uint256) {

// External call to transmuter here

return transmuter.getUnexchangedBalance(address(this)) + underlying.balanceOf(address(this)) + asset.balanceOf(address(this));

}

StrategyArb::_harvestAndReport();

function _harvestAndReport()

internal

override view

returns (uint256 _totalAssets)

{

// External call here

- uint256 claimable = transmuter.getClaimableBalance(address(this));

+ uint256 claimable = claimableBalance();

if (claimable > 0) {

// transmuter.claim(claimable, address(this));

}

// NOTE : we can do this in harvest or can do seperately in tend

// if (underlying.balanceOf(address(this)) > 0) {

// _swapUnderlyingToAsset(underlying.balanceOf(address(this)));

// }

// External call here also

- uint256 unexchanged = transmuter.getUnexchangedBalance(address(this));

+ uint256 unexchanged = unexchangedBalance();

// NOTE : possible some dormant WETH that isn't swapped yet

uint256 underlyingBalance = underlying.balanceOf(address(this));

_totalAssets = unexchanged + asset.balanceOf(address(this)) + underlyingBalance;

}

StrategyArb::availableWithdrawLimit()

function availableWithdrawLimit(

address /*_owner*/

) public view override returns (uint256) {

// External call her, also

return asset.balanceOf(address(this)) + transmuter.getUnexchangedBalance(address(this));

}

Impact

The bug leads to unnecessary external calls, which increases gas costs and may cause inefficiencies in the contract. This also introduces potential security risks by relying on external contracts when internal functions could be used instead.

Tools Used

Manual Review

Recommendations

Use internal function, instead of external calls

Updates

Appeal created

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.