Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Missing Reward Claiming, Asset Swapping, and Health Check Calls in _harvestAndReport Function Across Multiple Contracts

tm2

Summary

The _harvestAndReport function is inconsistently implemented across three versions—StrategyArb.sol, StrategyMainnet.sol, and StrategyOp.sol. All versions fail to invoke critical functionalities: claiming available rewards, swapping underlying assets to the desired asset, and executing health checks. This omission leads to inaccurate asset accounting, and potential exposure to financial discrepancies.

Vulnerability Details

Missing Reward Claiming:

StrategyArb.sol & StrategyMainnet.sol: Both versions retrieve the claimable balance from the transmuter but have the transmuter.claim(claimable, address(this)); call commented out. This prevents the strategy from claiming any available rewards.
StrategyOp.sol: Completely omits the reward claiming logic, leaving rewards unclaimed.

Missing Asset Swapping:

StrategyArb.sol & StrategyMainnet.sol: Contain commented-out code for swapping underlying assets to the desired asset using _swapUnderlyingToAsset(underlying.balanceOf(address(this)));. This results in dormant underlying assets not being converted, leading to inefficient asset utilization.
StrategyOp.sol: Does not include any asset swapping logic, leaving underlying assets unprocessed.

Impact

Without claiming rewards, the strategy fails to realize potential earnings, reducing overall profitability. Dormant or unclaimed assets lead to discrepancies between actual and reported assets, compromising the accuracy of profit and loss calculations. Idle assets remain unutilized, diminishing the strategy's returns.

Tools Used

Manual review

Recommendations

Enable Reward Claiming: Uncomment and implement the transmuter.claim(claimable, address(this)); line in StrategyArb.sol and StrategyMainnet.sol, and add similar functionality in StrategyOp.sol to ensure all available rewards are harvested.

Implement Asset Swapping: Uncomment and properly integrate the _swapUnderlyingToAsset function calls to convert underlying assets into the desired asset, ensuring efficient asset utilization across all strategy versions.
Update Documentation: Revise code comments and documentation to reflect the implemented changes, removing or updating any obsolete or commented-out code to maintain clarity and maintainability.

Updates

Appeal created

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.