DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: medium
Invalid

Timestamp Manipulation Vulnerability in Swap Deadline Implementation

Summary

The swap functions in StrategyArb.sol and StrategyOp.sol use block.timestamp as a fixed deadline for swaps, which is particularly vulnerable to manipulation on Arbitrum due to its unique timestamp handling. This implementation provides inadequate protection against transaction delays and potential front-running attacks.

Vulnerability Details

The vulnerability exists in two key functions:

  • StrategyArb.sol::_swapUnderlyingToAsset()

  • StrategyOp.sol::_swapUnderlyingToAsset()

Current implementation:

    function _swapUnderlyingToAsset() internal {
        // ... other code ...
        someSwapFunction(
            params,
            block.timestamp // Problematic deadline implementation
        );
        // ... other code ...
    }

The issue is compounded by several factors:

  1. Arbitrum's Timestamp Mechanics:

    • Arbitrum's L2 block timestamps are derived differently from L1

    • Sequencers have significant control over transaction ordering and timestamp assignment

    • There can be substantial delays between transaction submission and execution

  2. Validator Front-running Risk:

    • In PoS networks, validators know their block proposal slots in advance

    • Malicious validators can hold transactions and execute them at advantageous moments

    • No effective maximum delay is enforced, allowing indefinite transaction holding

  3. MEV Impact:

    • Lack of deadline control enables MEV (Maximal Extractable Value) opportunities

    • Transactions can be sandwiched or reordered to extract value from swaps

Impact

The vulnerability can lead to:

  • Execution of stale trades at unfavorable prices

  • Increased exposure to MEV attacks

  • Financial losses due to excessive slippage

  • Potential denial of service through transaction delays

Tools Used

Recommendations

Consider allowing the function caller to specify the swap deadline as an input parameter.
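
The recommendation above, sketched as an added example (not code from StrategyArb.sol or StrategyOp.sol): a deadline of `block.timestamp` is evaluated when the transaction executes, so a router-side expiry check always passes, whereas a caller-supplied absolute deadline can actually expire. `MockRouter`, `StrategySketch`, their function names and the `MAX_WINDOW` value are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; all contract and function names are hypothetical.

/// Stand-in for a DEX router that enforces a deadline the usual way.
contract MockRouter {
    error Expired(uint256 deadline, uint256 nowTs);

    function swap(uint256 amountIn, uint256 minOut, uint256 deadline)
        external
        view
        returns (uint256 amountOut)
    {
        // The check runs at execution time, not at signing time.
        if (block.timestamp > deadline) revert Expired(deadline, block.timestamp);
        amountOut = amountIn; // constructed 1:1 rate; pricing is out of scope
        require(amountOut >= minOut, "slippage");
    }
}

contract StrategySketch {
    MockRouter public immutable router;
    uint256 public constant MAX_WINDOW = 30 minutes; // assumed policy value

    constructor(MockRouter router_) {
        router = router_;
    }

    /// Pattern from the report: deadline == block.timestamp at execution,
    /// so the router's check can never fail, however long the tx waited.
    function swapNoEffectiveDeadline(uint256 amountIn, uint256 minOut) external view returns (uint256) {
        return router.swap(amountIn, minOut, block.timestamp);
    }

    /// Recommended shape: the caller fixes an absolute deadline off-chain when
    /// building the transaction; the contract only bounds and forwards it.
    function swapWithDeadline(uint256 amountIn, uint256 minOut, uint256 deadline) external view returns (uint256) {
        require(deadline >= block.timestamp, "deadline passed");
        require(deadline - block.timestamp <= MAX_WINDOW, "deadline too far");
        return router.swap(amountIn, minOut, deadline);
    }
}
```

A transaction calling `swapWithDeadline` that is held past its deadline reverts, while the same delay leaves `swapNoEffectiveDeadline` executable; the `minOut` bound remains the control against price movement within the window.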

Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
