DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: high
Invalid

Insufficient Validation of Curve Swap Parameters in `claimAndSwap` in `StrategyMainnet.sol`

Summary

The claimAndSwap function in the contract assumes that the swap parameters (swapParams[_routeNumber] and pools[_routeNumber]) are correctly configured without performing validation.

This lack of checks can result in failed swaps or unintended token transfers if the parameters are malformed or misconfigured.

Vulnerability Details

The claimAndSwap function allows swapping tokens using predefined routes and parameters stored in swapParams and pools.

These parameters are accessed using _routeNumber, but no validation is performed to ensure their correctness or alignment with the intended WETH-to-alETH route.

    router.exchange(
        routes[_routeNumber],
        swapParams[_routeNumber],
        _amountClaim,
        _minOut,
        pools[_routeNumber],
        address(this)
    );

Impact

Misconfigured or malicious parameters could lead to failed swaps, incorrect routes, or even token loss.

Recommendations

Add validation checks to ensure the correctness of swapParams and pools before using them in the router call.

These checks should verify:

That the specified pool matches the expected pool for the WETH-to-alETH route.

That swapParams[_routeNumber] contains valid and non-zero configurations.
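
One way to express these checks before the router call, as an added example that is not taken from StrategyMainnet.sol. The array shapes (address[11], uint256[5][5], address[5]) are assumed from the argument order of the router.exchange call above; WETH, ALETH, EXPECTED_POOL, the error names and _validateRoute are hypothetical, as is the assumption that pools[0] holds the pool to compare.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration; names and array shapes are assumptions, not the strategy's code.
abstract contract RouteValidation {
    // Assumed to be set once at deployment to the token and pool addresses
    // the strategy intends to use for its WETH-to-alETH swap.
    address internal immutable WETH;
    address internal immutable ALETH;
    address internal immutable EXPECTED_POOL;

    error BadRouteEndpoints();
    error EmptySwapParams();
    error UnexpectedPool();

    constructor(address weth, address alEth, address expectedPool) {
        WETH = weth;
        ALETH = alEth;
        EXPECTED_POOL = expectedPool;
    }

    /// Reverts unless the route starts at WETH and ends at alETH, the first
    /// pool entry is the expected pool, and the first hop's parameters are set.
    function _validateRoute(
        address[11] memory route,
        uint256[5][5] memory params,
        address[5] memory pools
    ) internal view {
        if (route[0] != WETH) revert BadRouteEndpoints();

        // Unused trailing slots are assumed to be address(0); the last
        // non-zero entry is treated as the output token.
        address last;
        for (uint256 i = 0; i < 11; i++) {
            if (route[i] == address(0)) break;
            last = route[i];
        }
        if (last != ALETH) revert BadRouteEndpoints();

        if (pools[0] != EXPECTED_POOL) revert UnexpectedPool();

        // A first hop whose five parameters are all zero was never configured.
        uint256 acc;
        for (uint256 k = 0; k < 5; k++) acc |= params[0][k];
        if (acc == 0) revert EmptySwapParams();
    }
}
```

A strategy inheriting this would call `_validateRoute(routes[_routeNumber], swapParams[_routeNumber], pools[_routeNumber])` immediately before `router.exchange`, so an unset or mismatched `_routeNumber` reverts with a specific error instead of reaching the router.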

Updates

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
