Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: high

Invalid

`WETH` will be stuck in `Transmuter` contract due to lack of implementation in `StrategyOp` contract

ke1caM

Summary

StrategyOp::claimAndSwap is used to generate yield for the strategy by swapping WETH for alETH when the trade is profitable (WETH can be swapped for alETH at a premium). The issue is that when the price of alETH is below the peg for an extended period, the deposited alETH is being transmuted into WETH. Transmuted alETH isn't the problem. The problem is that WETH cannot be withdrawn by either users or the protocol, resulting in the WETH becoming stuck in the Transmuter contract.

Vulnerability Details

Currently, in the strategy contract, the claimAndSwap function is the only method that can claim transmuted WETH. However, when the price of alETH is below the peg, the WETH becomes stuck due to lack of WETH handling implementation. Users are only allowed to withdraw untransmuted and loose assets (alETH). If the strategy keeper is unable to perform swaps due to a lack of premium, the deposited alETH will be transmuted into WETH, which cannot be claimed.

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L79-L89

function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IRamsesRouter.route[] calldata _path) external onlyKeepers {

transmuter.claim(_amountClaim, address(this));

uint256 balBefore = asset.balanceOf(address(this));

_swapUnderlyingToAsset(_amountClaim, _minOut, _path);

uint256 balAfter = asset.balanceOf(address(this));

require((balAfter - balBefore) >= _minOut, "Slippage too high");

transmuter.deposit(asset.balanceOf(address(this)), address(this));

}

claimAndSwap is currently the only function that can claim and swap WETH for alETH. If this function cannot be called, as outlined in the report, all transmuted WETH will become stuck in the Transmuter contract, leading to loss of funds for users. Additionally, users will be unable to withdraw alETH, as it has already been transmuted into WETH.

This issue is different than front-running claimAndSwap as this issue describes scenario where the price of alETH is below the peg. alETH is currently below peg an can it can be for extended time period in which all of the alETH will be transmuted into WETH.

Impact

WETH cannot be claimed, swapped, or redistributed to users as yield, resulting in a loss of funds.

It is important to note that this report specifically addresses the vulnerability in the StrategyOp contract.

Tools Used

Manual review

Recommended Mitigation

Consider implementing a new function to manage WETH in a way that allows users to withdraw their funds under fair conditions.

Updates

Lead Judging Commences

inallhonesty Lead Judge

10 months ago

Appeal created

inallhonesty Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.