Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Incorrect Minimum Output Validation in Swap Function

darshan

Summary

The swap function in the smart contract contains a logical issue in the _minOut validation. The condition require(_minOut > _amountClaim, "minOut too low"); ensures _minOut exceeds _amountClaim but may be unnecessarily restrictive. This could disrupt transactions where exact equality is acceptable.

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#L99C9-L100C1

Vulnerability Details

The current implementation enforces a strict inequality:

require(_minOut > _amountClaim, "minOut too low");

This logic does not allow for cases where _minOut == _amountClaim, potentially preventing valid swaps where the output equals the claimed amount, especially in tightly constrained market conditions.

Impact

It prevents swaps where no profit is possible but breaking even is acceptable.

Legitimate swaps may fail, especially in low-slippage scenarios.

Reduces the usability of the contract for traders seeking to avoid losses rather than guarantee profit.

Tools Used

Manual review

Recommendations

require(_minOut >= _amountClaim, "minOut too low");
Updates

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.