Alchemix Transmuter

Summary

An attacker, manipulating the pool slippage of the WETH/alETH trading pair, using a flash loan, can block the execution of the claimAndSwap function.

Vulnerability Details

The claimAndSwap function relies on the current pool liquidity to calculate slippage. An attacker, monitoring the mempool, can exploit this, by providing liquidity just before the claimAndSwap is called, artificially inflating the slippage and causing the transaction to revert.

Impact

Let's consider this scenario:

1. On Mainnet:

   • The attacker monitoring the mempool, when he/she sees a claimAndSwaptx, he/she starts the attack with a tx with higher gas than the claimAndSwapso that is prioritized.

   • The attacker takes out a flash loan of WETH.

   • The attacker swaps an amount X of WETH that causes a high slippage, and receives an amount Y of alETH on the Mainnet pool.

2. Cross-chain transfer:

   • The attacker uses a bridge protocol to move the Y amount of alETH to Arbitrum and/or a portion to Optimism.

3. On Arbitrum and Optimism:

   • The attacker swaps back the Y amount of alETH for WETH on Arbitrum pool and/or Optimism pool (depending on the alETH price into the pools).

4. Repay flash loan:

   • The attacker sends the WETH back to the flash loan provider on Mainnet and takes the profit.

5. The claimAndSwap strategy on the Mainnet is blocked because due the high slippage. The function doesn't claim and swap on loss.

6. In the meantime, the token holders, seeing an advantageous alETH price, swap their alETH for WETH.

7. The attacker, monitoring the Mainnet pool, can repeat the exploit to disrupt the entire system.

The attacker using a flashloan and crosschain price manipulation can block the claimAndSwap strategy and take the profit for the operation.

Tools Used

Manual review.

Recommendations

Implement a price oracle check to detect potential manipulations.