Issue with `_minOut` condition in `claimAndSwap` function
Summary
The claimAndSwap function in the StrategyMainnet contract contains a requirement that the _minOut parameter must be greater than _amountClaim:
This constraint can lead to unintended behavior, as the price of alETH (the synthetic asset) and WETH (the underlying token) can often be the same (1:1) since both represent Ether. In such cases, there is no economic loss; however, the transaction would still revert due to the _minOut > _amountClaim condition. This unnecessarily blocks valid swaps.
Vulnerability Details
The contract assumes that the output of the swap (_minOut) must be strictly greater than the input (_amountClaim). However, this assumption does not account for scenarios where:
alETH and WETH are priced equally (1:1): Both represent Ether, and parity swaps are common.
Swaps occur at parity (1:1): These should not be considered a loss, but the current requirement blocks such transactions.
If _minOut is equal to _amountClaim, the transaction reverts, preventing valid execution where no loss occurs.
Impact
Blocks valid swaps where the output is equal to the input (1:1 parity).
Prevents efficient strategy execution in cases where parity swaps are operationally necessary.
Increases the risk of missed opportunities or inefficient behavior in certain market conditions.
Tools Used
Recommendations
Adjust the Condition for Valid Swaps:
Modify the requirement to allow swaps at parity. For example:
This change permits parity swaps, ensuring valid transactions are not blocked.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.