Lack of Duplicate Route Validation Leads to Inefficiencies and in CurveRouter Configuration
Summary
The addRoute function allows the addition of identical swap routes multiple times without any validation to prevent duplicates. This can lead to inefficiencies in the protocol and incorrect swap behavior.
In complex systems where each route may have varying configurations (e.g., different pools or swap parameters), duplicating routes can lead to conflicts in settings and inefficiencies.
Vulnerability Details
https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyMainnet.sol#L56C5-L66C1
The addRoute function allows the addition of multiple identical routes without any validation or checks to ensure route uniqueness. As a result, multiple identical routes could be added, leading to redundant Operations. The protocol might unnecessarily repeat the same swap logic multiple times, causing inefficiency in transaction processing.
Duplicates could cause the routing logic to select the same set of tokens repeatedly, leading to incorrect swap behavior or other inconsistencies in the protocol's operations.
Impact
The protocol may inadvertently double-count routes, leading to unexpected behavior
The system may unnecessarily compute the same route multiple times, increasing gas costs and reducing overall system efficiency.
The dynamic nature of route selection would be compromised leading to incorrect route selection.
Tools Used
Vscode, Manual analysis
Recommendations
Add a duplicate route check to ensure that identical routes are not added.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.