Forced loss in _freeFunds due to partial withdrawals from transmuter
Summary
The _freeFunds function calls transmuter.withdraw(_amount, address(this)). If the Transmuter’s unexchangedBalance is lower than the requested _amount, the function only withdraws the available balance instead of reverting the transaction. The shortfall is then treated as a “loss” and passed on to the withdrawing user. Under severe liquidity constraints or during market shocks, users may be unable to retrieve their expected assets, effectively causing them to bear involuntary losses.
Vulnerability Details
Location:
If _amount exceeds totalAvailabe (the Transmuter’s current unexchanged alETH balance for this strategy), only totalAvailabe is withdrawn. The difference is effectively considered a “loss” to the user requesting withdrawal, rather than reverting due to insufficient liquidity. This behavior can unexpectedly penalize users, especially in turbulent market conditions.
Impact
Funds loss to users.
Tools Used
Manual Review
Recommendations
Revert on Insufficient Liquidity: Instead of allowing partial withdrawals, revert if
totalAvailabe < _amount. This forces the transaction to fail and ensures users are made aware that full liquidity is not currently available. Users can then decide to try withdrawing a smaller amount or wait until more liquidity is replenished.Improve Transparency: Notify users when the Transmuter’s liquidity is nearing depletion so they can manage redemption expectations or postpone withdrawals until conditions improve.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.