DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: low
Invalid

`availableWithdrawLimit` can be manipulated using donation attack

Summary

A malicious actor could manipulate `StrategyMainnet::availableWithdrawLimit`, `StrategyArb::availableWithdrawLimit` and `StrategyOp::availableWithdrawLimit` by depositing the asset token into the strategy contract.

Vulnerability Details

The protocol has an `availableWithdrawLimit` function in all three contracts, which allows the protocol or anyone else to view the current available withdrawal limit.

```solidity
function availableWithdrawLimit(
    address /*_owner*/
) public view override returns (uint256) {
    return asset.balanceOf(address(this)) + transmuter.getUnexchangedBalance(address(this));
}
```

However, because it uses `balanceOf(address(this))`, the contract is susceptible to a donation attack that manipulates the current available withdrawal limit.
The natspec suggests that this function will be called before any withdraw or redeem.

```solidity
 * This function will be called before any withdraw or redeem to enforce
 * any limits desired by the strategist.
```

Impact

This function is likely to be used by the protocol, the protocol's keeper and users; returning a false value could hinder the operations of the protocol's off-chain mechanism.

Tools Used

Manual Review

Recommendations

It is recommended to directly fetch values from the transmuter itself.
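Added example, not code from the submission or the project: a minimal Solidity model of the quoted expression, showing how the reported limit compares with a deposit-tracked figure after a direct token transfer. `MockAsset`, `MockTransmuter`, `StrategyModel`, `trackedIdle`, `deposit`, `trackedWithdrawLimit` and `Demo` are hypothetical names, and deposit-side tracking is an assumption made for comparison, not the report's recommendation.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-ins for the asset token and the transmuter (not the project's contracts).
contract MockAsset {
    mapping(address => uint256) public balanceOf;
    function mint(address to, uint256 amt) external { balanceOf[to] += amt; }
    function transfer(address to, uint256 amt) external returns (bool) {
        balanceOf[msg.sender] -= amt;
        balanceOf[to] += amt;
        return true;
    }
}
contract MockTransmuter {
    mapping(address => uint256) public unexchanged;
    function set(address who, uint256 amt) external { unexchanged[who] = amt; }
    function getUnexchangedBalance(address who) external view returns (uint256) { return unexchanged[who]; }
}
contract StrategyModel {
    MockAsset public immutable asset;
    MockTransmuter public immutable transmuter;
    uint256 public trackedIdle; // hypothetical: asset recorded through deposit() only
    constructor(MockAsset a, MockTransmuter t) { asset = a; transmuter = t; }

    // Hypothetical accounted inflow: the mint models tokens arriving via the deposit path.
    function deposit(uint256 amt) external { asset.mint(address(this), amt); trackedIdle += amt; }

    // Same expression as the function quoted in the report.
    function availableWithdrawLimit(address) public view returns (uint256) {
        return asset.balanceOf(address(this)) + transmuter.getUnexchangedBalance(address(this));
    }
    // Hypothetical comparison figure: ignores balance that bypassed deposit().
    function trackedWithdrawLimit() public view returns (uint256) {
        return trackedIdle + transmuter.getUnexchangedBalance(address(this));
    }
}
contract Demo {
    // Returns (balance-based limit, deposit-tracked limit) after one direct transfer.
    function run() external returns (uint256 reported, uint256 tracked) {
        MockAsset asset = new MockAsset();
        MockTransmuter tm = new MockTransmuter();
        StrategyModel s = new StrategyModel(asset, tm);
        s.deposit(100e18);                 // accounted inflow
        tm.set(address(s), 50e18);         // constructed unexchanged balance
        asset.mint(address(this), 10e18);
        asset.transfer(address(s), 10e18); // direct transfer, bypasses deposit()
        return (s.availableWithdrawLimit(address(0)), s.trackedWithdrawLimit());
    }
}
```

An off-chain consumer can compare the two figures to spot asset balance that arrived outside the deposit path.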

Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
