Summary
The `_amountClaim` parameter of the `claimAndSwap` function is not validated. Its value should be checked to ensure it is within the range claimable by `address(this)`.
Vulnerability Details
/// @notice Claims `_amountClaim` from the transmuter, swaps it through the route
///         selected by `_routeNumber`, and deposits the resulting `asset` balance
///         back into the transmuter.
/// @dev    `_amountClaim` is forwarded to `transmuter.claim` exactly as supplied, with
///         no check against what this contract is actually entitled to claim (the
///         `@>` line below). NOTE(review): whether `transmuter.claim` itself bounds
///         the request is not visible here — confirm against the transmuter code.
///         `onlyKeepers` presumably restricts callers to keepers; the modifier is not
///         shown here.
/// @param _amountClaim Amount requested from the transmuter (unvalidated).
/// @param _minOut      Minimum `asset` the swap must yield; required to strictly exceed `_amountClaim`.
/// @param _routeNumber Index selecting the `routes`/`swapParams`/`pools` entries used for the swap.
function claimAndSwap(
uint256 _amountClaim,
uint256 _minOut,
uint256 _routeNumber
) external onlyKeepers {
// the finding: `_amountClaim` reaches the transmuter without a claimable-balance check
@> transmuter.claim(_amountClaim, address(this));
// snapshot the asset balance so the swap output can be measured afterwards
uint256 balBefore = asset.balanceOf(address(this));
// strict inequality: `_minOut` must be greater than the claimed amount
require(_minOut > _amountClaim, "minOut too low");
// NOTE(review): `_routeNumber` is not range-checked here; whether an out-of-range
// value reverts depends on whether routes/swapParams/pools are arrays or mappings
router.exchange(
routes[_routeNumber],
swapParams[_routeNumber],
_amountClaim,
_minOut,
pools[_routeNumber],
address(this)
);
uint256 balAfter = asset.balanceOf(address(this));
// slippage guard on the measured balance delta, not on a router return value
require((balAfter - balBefore) >= _minOut, "Slippage too high");
// re-deposits the contract's entire asset balance, not only the swap output
transmuter.deposit(asset.balanceOf(address(this)), address(this));
}
Impact
Because `_amountClaim` is forwarded to `transmuter.claim` without any bound, this could lead to over-claiming of underlying tokens.
Tools Used
Manual review
Recommendations
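/// @notice Claims `_amountClaim` from the transmuter, swaps it through the route
///         selected by `_routeNumber`, and deposits the resulting `asset` balance
///         back into the transmuter.
/// @dev    Recommended fix: bound `_amountClaim` before it reaches `transmuter.claim`
///         (the two `require` statements marked "added" below). The rest of the
///         function is the original body, reproduced in full so the snippet compiles.
/// @param _amountClaim Amount to claim; must be > 0 and <= the balance claimable by this contract.
/// @param _minOut      Minimum `asset` the swap must yield; required to strictly exceed `_amountClaim`.
/// @param _routeNumber Index selecting the `routes`/`swapParams`/`pools` entries used for the swap.
function claimAndSwap(
    uint256 _amountClaim,
    uint256 _minOut,
    uint256 _routeNumber
) external onlyKeepers {
    // added: reject a zero-size claim
    require(_amountClaim > 0, "Claim amount must be greater than zero");
    // added: cap the request at what this contract is entitled to, so the value
    // handed to transmuter.claim can never exceed the claimable balance
    uint256 claimable = transmuter.getClaimableBalance(address(this));
    require(_amountClaim <= claimable, "Claim amount exceeds amount claimable");

    transmuter.claim(_amountClaim, address(this));
    // snapshot the asset balance so the swap output can be measured afterwards
    uint256 balBefore = asset.balanceOf(address(this));
    // strict inequality: `_minOut` must be greater than the claimed amount
    require(_minOut > _amountClaim, "minOut too low");
    router.exchange(
        routes[_routeNumber],
        swapParams[_routeNumber],
        _amountClaim,
        _minOut,
        pools[_routeNumber],
        address(this)
    );
    uint256 balAfter = asset.balanceOf(address(this));
    // slippage guard on the measured balance delta, not on a router return value
    require((balAfter - balBefore) >= _minOut, "Slippage too high");
    // re-deposits the contract's entire asset balance, not only the swap output
    transmuter.deposit(asset.balanceOf(address(this)), address(this));
}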