Alchemix Transmuter

Summary

The claimAndSwap mechanism in StrategyOp contains a critical design flaw in its trade validation that exposes the strategy to suboptimal trade execution. The core issue stems from its naive approach to trade validation, where it simply ensures the output amount exceeds the input amount without considering the broader economic implications of the trade.

The function implements basic slippage protection but fails to enforce any meaningful premium requirements for the WETH to alETH conversion. In synthetic asset markets, especially for assets like alETH, trading at a premium to the underlying is fundamental to the economic model. The current implementation allows trades to execute with minimal premiums that may not justify the gas costs and opportunity costs involved.

This vulnerability means that while the strategy won't incur direct nominal losses, it could suffer from value erosion through a series of economically suboptimal trades. Since the function is keeper-callable, this creates an avenue for potential exploitation where keepers could execute trades that technically meet the minimal requirements but capture value that should remain within the strategy.

Proof of Concept

The current implementation's vulnerability becomes clear when examining its execution flow. When a keeper calls claimAndSwap, the function performs the following operations:

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyOp.sol#L79

Consider a real-world scenario where WETH trades at a 0.3% premium to alETH. A keeper could execute a trade of 100 WETH and specify a minOut of 100.1 alETH. This trade would pass all current validations despite capturing only a 0.1% premium. After accounting for gas costs and the opportunity cost of not waiting for better market conditions, this trade actually destroys value for the strategy.

The underlying vulnerability lies in the _swapUnderlyingToAsset function:

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyOp.sol#L98

This check fundamentally misunderstands the economics of synthetic asset trading, where we should expect and require meaningful premiums to compensate for the risks and time value inherent in the synthetic asset.

Recommended mitigation steps

The solution requires rearchitecting the trade validation system to align with proper economic incentives. The strategy should implement strict premium requirements and minimum trade sizes to ensure all trades meaningfully contribute to the strategy's performance.

This revision enforces economic rationality through several mechanisms. It requires a meaningful minimum premium, ensures trade sizes are large enough to justify gas costs, and validates both intended and actual trade outcomes. The addition of detailed event logging enables monitoring of trading patterns and performance.

By implementing these changes, the strategy better protects its economic interests and ensures that keepers can only execute trades that genuinely benefit the protocol. This creates a more sustainable and efficient trading mechanism that properly aligns with the synthetic asset market's fundamental economics.

The solution transforms the trade validation from a simple nominal check into a comprehensive economic framework that considers all aspects of trade profitability, ensuring long-term value preservation for the strategy's stakeholders.