DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: medium
Invalid

Missing `removeRoute` Functionality in `StrategyMainnet.sol`

Summary

The `addRoute` function in `StrategyMainnet.sol` allows adding new routes to be used in Curve Router swaps. However, there is no corresponding `removeRoute` function to delete or deactivate routes when they are no longer needed or become invalid. This lack of flexibility can lead to issues such as retaining outdated or insecure routes, which can increase risk and operational complexity.

Vulnerability Details

  • The `addRoute` function increments the `nRoutes` counter and assigns the provided route, swap parameters, and pools to their respective mappings.

  • Without a `removeRoute` function, there is no way to delete specific routes when they are no longer valid, or if they were added incorrectly.

Code Snippet

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyMainnet.sol#L56

Impact

  • Accumulation of unused or invalid routes in the contract.

  • Increased complexity in managing valid routes.

  • Retained routes may become vulnerable if they reference outdated or compromised pools.

Tools Used

Manual Review.

Recommendations

Introduce a `removeRoute` function to allow the removal of specific routes by their index.
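
One way the recommended `removeRoute` could look, as an added sketch that is not code from the submission or from the Alchemix repository. The contract name, the storage layout (three mappings keyed by index plus `nRoutes`), the array sizes, the `management` role and the event are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Hypothetical sketch: storage layout and access control are assumptions,
/// not copied from StrategyMainnet.sol.
contract RouteRegistry {
    address public management;                            // assumed privileged role
    uint256 public nRoutes;
    mapping(uint256 => address[11]) public routes;        // assumed route shape
    mapping(uint256 => uint256[5][5]) public swapParams;  // assumed shape
    mapping(uint256 => address[5]) public pools;          // assumed shape

    event RouteRemoved(uint256 indexed index, uint256 movedFrom);

    modifier onlyManagement() {
        require(msg.sender == management, "!management");
        _;
    }

    constructor() { management = msg.sender; }

    function addRoute(
        address[11] memory _route,
        uint256[5][5] memory _swapParams,
        address[5] memory _pools
    ) external onlyManagement {
        routes[nRoutes] = _route;
        swapParams[nRoutes] = _swapParams;
        pools[nRoutes] = _pools;
        nRoutes++;
    }

    /// Swap-and-pop: the last route fills the freed slot, so indices stay dense.
    function removeRoute(uint256 _index) external onlyManagement {
        require(_index < nRoutes, "bad index");
        uint256 last = nRoutes - 1;
        if (_index != last) {
            routes[_index] = routes[last];
            swapParams[_index] = swapParams[last];
            pools[_index] = pools[last];
        }
        delete routes[last];
        delete swapParams[last];
        delete pools[last];
        nRoutes = last;
        emit RouteRemoved(_index, last); // movedFrom == index: nothing was moved
    }
}
```

Swap-and-pop renumbers the former last route, so any caller that selects a route by index has to re-read the registry after a removal; the event gives off-chain tooling the signal to do so.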

Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
