Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Invalid Behavior in claimAndSwap Function When _amountClaim of 0

davidjohn24

Summary

The claimAndSwap function in the StrategyOp contract contains a potential bug when _amountClaim == 0. In this case, the function performs unnecessary operations.

Vulnerability Details

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L79

This results in a swap operation where the amount being swapped is 0. While this might not perform a "real" swap, it still interacts with the router, and depending on the implementation of the router, this could trigger changes in internal state or balances, leading to unintended behavior.

Impact

Executing a swap with 0 tokens can trigger internal state changes or balance shifts in the router or related contracts, which could lead to incorrect balances or other unintended effects.

Tools Used

Recommendations

The following code must be added.

require(_amountClaim > 0, "Amount to claim must be greater than zero");
Updates

Appeal created

inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
davidjohn24 Submitter
6 months ago
inallhonesty Lead Judge
5 months ago
inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.