The contract assigns addresses to certain state variables (e.g., router) without validating that they are non-zero. This can result in a situation where the logic dependent on this address becomes unusable if it is mistakenly set to address(0). Although not a front-running vulnerability, it can disrupt protocol functionality and availability.
The issue arises from the lack of an address(0) check when assigning router addresses. If an address that is meant to facilitate token routing operations is set to the zero address, any functions relying on it would fail. For instance:
Here, no validation is performed to ensure _router is not address(0).
If the router variable is set to the zero address, token approvals and subsequent routing logic will fail. This could freeze the ability to perform necessary swaps, limiting yield generation or liquidity operations dependent on the router’s functionality.
Manual Code Review and Foundry
Add a check to ensure that the address passed in is not the zero address before assigning it to the router variable. For example:
This validation step would ensure that the contract maintains a valid routing configuration at all times and prevents accidental misconfiguration.
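The unvalidated assignment and the recommended check, side by side, as an added Solidity example; it is not the audited contract's code, which this page does not show. The contract names, the owner check, the custom errors and the event are assumptions, and only router and _router come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; contract, function, error and event names are hypothetical.

/// Unvalidated form: the pattern the finding describes, a router stored as-is.
contract RouterConfigUnchecked {
    address public router;
    address public immutable owner;

    constructor(address _router) {
        owner = msg.sender;
        router = _router; // address(0) is accepted silently
    }

    function setRouter(address _router) external {
        require(msg.sender == owner, "not owner");
        router = _router; // a mistaken zero value disables routing
    }
}

/// Hardened form: every assignment path goes through one checked helper,
/// so the constructor and the setter cannot drift apart.
contract RouterConfigChecked {
    error ZeroAddress();
    error NotOwner();
    event RouterUpdated(address indexed previous, address indexed current);

    address public router;
    address public immutable owner;

    constructor(address _router) {
        owner = msg.sender;
        _setRouter(_router);
    }

    function setRouter(address _router) external {
        if (msg.sender != owner) revert NotOwner();
        _setRouter(_router);
    }

    function _setRouter(address _router) private {
        if (_router == address(0)) revert ZeroAddress();
        emit RouterUpdated(router, _router); // leaves an on-chain audit trail
        router = _router;
    }
}
```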