DeFiFoundrySolidity
Submission Details
Severity: medium
Invalid

claimAndSwap can be frontrun to keep the pool unbalanced

Summary

A malicious user can easily keep the pool unbalanced by frontrunning the swap transaction with a small amount of token.

Vulnerability Details

Keepers can call the claimAndSwap function to keep the pool balanced (WETH to alETH at 1:1) by sending some WETH to it, receiving an excess of alETH, and depositing it into the transmuter afterwards.

function claimAndSwap(
    uint256 _amountClaim,
    uint256 _minOut,
    uint256 _routeNumber
) external onlyKeepers {
    transmuter.claim(_amountClaim, address(this));
    uint256 balBefore = asset.balanceOf(address(this));
    require(_minOut > _amountClaim, "minOut too low");
    router.exchange(
        routes[_routeNumber],
        swapParams[_routeNumber],
        _amountClaim,
        _minOut,
        pools[_routeNumber],
        address(this)
    );
    uint256 balAfter = asset.balanceOf(address(this));
    require((balAfter - balBefore) >= _minOut, "Slippage too high");
    transmuter.deposit(asset.balanceOf(address(this)), address(this));
}

Here the minimum amount of alETH out (_minOut) must always exceed the WETH amount so that the swap is profitable and keeps the pool balanced.

A malicious user can either frontrun the transaction to take the profit first, or make a swap with a very small amount to break the _minOut check. In general, 1 wei will be enough to do this.

Impact

A malicious user can keep the pool unbalanced with little effort and cost.

Tools Used

Manual review.

Recommendations

Not sure about the best option to prevent this; probably more complex checks should be considered to keep the WETH:alETH pool in good condition.
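As an added illustration (not part of the original submission or the project's code), the following Python model reproduces the two checks in claimAndSwap, the keeper-side choice of _minOut, and a trade that lands before the keeper's swap. The pool is a constructed constant-product model (x*y = k, no fee); the real WETH/alETH pool uses a StableSwap invariant, which is flatter near balance, so this model overstates price impact. The reserves, amounts and tolerance are constructed sample values. It shows how far a preceding trade must move the pool before the "Slippage too high" check reverts the keeper's swap, and how the `_minOut > _amountClaim` rule stops the keeper from swapping when alETH is not trading below WETH.

```python
WAD = 10**18  # 18-decimal fixed point, as in the EVM


class ConstantProductPool:
    """Constructed two-asset pool model: reserve_in * reserve_out = k, no fee.
    Stand-in for the WETH (in) / alETH (out) pool; assumption, not the real invariant."""

    def __init__(self, reserve_in: int, reserve_out: int):
        self.reserve_in = reserve_in
        self.reserve_out = reserve_out

    def quote(self, amount_in: int) -> int:
        # Output for amount_in without changing state; integer math rounds down like Solidity.
        return (self.reserve_out * amount_in) // (self.reserve_in + amount_in)

    def swap(self, amount_in: int) -> int:
        out = self.quote(amount_in)
        self.reserve_in += amount_in
        self.reserve_out -= out
        return out


def keeper_min_out(pool: ConstantProductPool, amount_claim: int, tolerance_bps: int) -> int:
    """Keeper-side choice of _minOut: quote the pool off-chain, then allow
    tolerance_bps of slippage below that quote (a hypothetical keeper policy)."""
    expected = pool.quote(amount_claim)
    return expected * (10_000 - tolerance_bps) // 10_000


def claim_and_swap(pool: ConstantProductPool, amount_claim: int, min_out: int):
    """Model of the two require() checks in claimAndSwap. Returns (ok, received);
    a failed check leaves the pool untouched, like a reverted transaction."""
    if not min_out > amount_claim:
        return False, 0  # "minOut too low": only swap when alETH is cheaper than WETH
    received = pool.quote(amount_claim)
    if received < min_out:
        return False, 0  # "Slippage too high"
    pool.swap(amount_claim)
    return True, received


def frontrun_then_swap(reserve_in: int, reserve_out: int, amount_claim: int,
                       tolerance_bps: int, frontrun_in: int):
    """Keeper quotes _minOut, another trade of frontrun_in WETH lands first,
    then the keeper's claimAndSwap executes against the moved pool."""
    pool = ConstantProductPool(reserve_in, reserve_out)
    min_out = keeper_min_out(pool, amount_claim, tolerance_bps)
    if frontrun_in:
        pool.swap(frontrun_in)
    return claim_and_swap(pool, amount_claim, min_out)


if __name__ == "__main__":
    # Constructed scenario: pool holds excess alETH (800 WETH / 1200 alETH), keeper swaps 10 WETH.
    print("1 wei trade first, zero tolerance:",
          frontrun_then_swap(800 * WAD, 1200 * WAD, 10 * WAD, 0, 1))
    print("50 WETH trade first, 10 bps tolerance:",
          frontrun_then_swap(800 * WAD, 1200 * WAD, 10 * WAD, 10, 50 * WAD))
    print("balanced pool, no prior trade:",
          frontrun_then_swap(1000 * WAD, 1000 * WAD, 10 * WAD, 10, 0))
```

In this model a 1 wei trade moves the 10 WETH quote by well under 1 wei, so even an exact `_minOut` still passes; to trigger "Slippage too high" the preceding trade has to move the price by more than the keeper's tolerance, and the trader pays that price impact. The third case shows the `_minOut > _amountClaim` rule doing its job: with the pool at 1:1 the quote for 10 WETH is below 10 alETH, so no acceptable `_minOut` exists and the keeper does not swap.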

Updates

Lead Judging Commences

inallhonesty Lead Judge 11 months ago

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
