DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: low
Invalid

Use of deadline = block.timestamp could cause high transaction failure rates

Summary

The _swapUnderlyingToAsset function passes block.timestamp as the deadline parameter in swapExactTokensForTokens, which can easily revert if the transaction is not included in the exact same block.

Vulnerability Details

Location:

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyArb.sol#L87

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L102

function _swapUnderlyingToAsset(uint256 _amount, uint256 minOut, IRamsesRouter.route[] calldata _path) internal {
    // TODO : we swap WETH to ALETH -> need to check that price is better than 1:1
    // uint256 oraclePrice = 1e18 * 101 / 100;
    require(minOut > _amount, "minOut too low");
    uint256 underlyingBalance = underlying.balanceOf(address(this));
    require(underlyingBalance >= _amount, "not enough underlying balance");
@>  IRamsesRouter(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), block.timestamp);
}

And the function then calls:

interface IRamsesRouter {
    struct route {
        address from;
        address to;
        bool stable;
    }
    function swapExactTokensForTokens(
        uint256 amountIn,
        uint256 amountOutMin,
        route[] calldata routes,
        address to,
@>      uint256 deadline
    ) external;
}

Here, deadline is set to block.timestamp. Consequently, the transaction must be included in the same block in which it was created. If it lands in any subsequent block, the router will view the deadline as expired and revert the swap. This rigid constraint can lead to repeated failures under modest network delay or block congestion.

Chain-by-Chain Analysis

1. Ethereum

Average block time: ~12-15 seconds.

Network congestion is more frequent, so a transaction might easily slip to the next block, causing deadline checks to fail.

Especially problematic if gas prices are not set high enough to prioritize same-block inclusion.

2. Optimism

Faster L2 blocks (~2 seconds), but transactions are often batched and sequenced.

Even minor queueing could push the swap past the current block, causing the deadline to expire.

While slightly reduced risk due to lower block times, it still poses a non-trivial chance of reverts.

3. Arbitrum

Also around ~1-2 second block times but may rely on batch confirmations.

If there is temporary network load or minimal gas fees, a transaction can be included in a subsequent block, again expiring the deadline.

Faster blocks help somewhat, but do not guarantee same-block inclusion.

Impact

• Excessive Reverts: Keepers trying to execute swaps may see them fail repeatedly unless they pay very high gas or get lucky with block timing.
• Impaired Strategy Execution: Automated steps relying on successful swapExactTokensForTokens calls may be disrupted. If reverts are frequent, overall yield or arbitrage strategies become less reliable.

Tools Used

Manual Review

Recommendations

Add a time buffer: Common practice is to use a future timestamp, for example block.timestamp + 100 or a suitable margin, giving the transaction a window to be included without reverting.
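
Added example (not part of the submission or the Alchemix code base): a Foundry test showing which deadline value a router-side `deadline >= block.timestamp` check sees when the deadline is read on-chain at execution time, buffered on-chain, or supplied as an absolute value by the keeper. `MockRouter`, `DeadlineDemo` and the `EXPIRED` check are hypothetical stand-ins; the Ramses router's own check is not shown on the page and is assumed here to follow the common Uniswap V2-style pattern.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the router: only the deadline check is modelled.
contract MockRouter {
    function swap(uint256 deadline) external view returns (bool) {
        require(deadline >= block.timestamp, "EXPIRED");
        return true;
    }
}

// Hypothetical strategy showing three ways a deadline can reach the router.
contract DeadlineDemo {
    MockRouter public immutable router;

    constructor(MockRouter _router) { router = _router; }

    // Deadline read on-chain while the transaction executes (pattern at the @> line).
    function swapNow() external view returns (bool) {
        return router.swap(block.timestamp);
    }

    // Buffer added on-chain, still relative to the executing block.
    function swapBuffered() external view returns (bool) {
        return router.swap(block.timestamp + 100);
    }

    // Absolute deadline chosen off-chain by the keeper when it builds the transaction.
    function swapWithDeadline(uint256 deadline) external view returns (bool) {
        return router.swap(deadline);
    }
}

contract DeadlineTest is Test {
    function test_deadlineSeenByRouter() public {
        DeadlineDemo demo = new DeadlineDemo(new MockRouter());
        uint256 keeperDeadline = block.timestamp + 100; // fixed when the tx is built

        vm.warp(block.timestamp + 600); // transaction is included 10 minutes later

        assertTrue(demo.swapNow());      // deadline == block.timestamp at execution
        assertTrue(demo.swapBuffered()); // deadline == block.timestamp + 100 at execution
        vm.expectRevert(bytes("EXPIRED"));
        demo.swapWithDeadline(keeperDeadline); // absolute deadline is now in the past
    }
}
```

Run with `forge test` in a project that has forge-std installed. Only the keeper-supplied deadline can expire, because the other two values are recomputed from the timestamp of the block that executes the swap.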

Updates

Appeal created

inallhonesty Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
