Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing deadline check in claimAndSwap function

xmanuel

Summary

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L79

Vulnerability Details

claimAndSwap function don't have deadline parameter. This parameter can provide the onlyKeepers an option to limit the execution of their pending transaction.
Without a deadline parameter, onlyKeepers can execute their transactions at unexpected times when market conditions are unfavorable.

However, this is not a big problem in this case because the functions have slippage protection. Even though the onlyKeepers will get at least as much as they set, they may still be missing out on positive slippage if the exchange rate becomes favorable when the transaction is included in a block.

Impact

The lack of timing constraints can result in missed opportunities to capitalize on favorable market shifts, as the transaction may execute after the optimal window has passed.

Tools Used

manual

Recommendations

Introduce a deadline parameter in claimAndSwap function.

Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
xmanuel Submitter
10 months ago
inallhonesty Lead Judge
10 months ago
inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.