Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

IAlchemist Interface Contains Functions Without Return Values: Contracts Using This Interface May Face Runtime Errors or Mishandle Return Values

theirrationalone

Summary

The IAlchemist interface, located in the interfaces folder, defines several functions that do not specify return values. However, the actual Alchemist contract implements these functions with return values, which causes a mismatch in function signatures. This oversight could lead to runtime errors and incorrect handling of return values in contracts using this interface.

IAlchemist interface:

// @info: depositUnderlying function returns a uint256, which is missing in the interface definition.
// The return value represents the number of shares issued to the recipient.
function depositUnderlying(address yieldToken, uint256 amount, address rec, uint256 minOut) external;
// @info: repay function returns a uint256, which is missing in the interface definition.
// The return value represents the amount of tokens that were repaid.
function repay(address _underlying, uint256 _amount, address _recipient) external;
// @info: burn function returns a uint256, which is missing in the interface definition.
// The return value represents the amount of tokens that were burned.
function burn(uint256 _amount, address _recipient) external;

Contracts utilizing this interface may experience mishandling of return values, which could confuse users by altering the expected behavior of these functions.

Impact

  • Function signature mismatch: The interface does not match the actual function implementations in the contract, causing a discrepancy in expectations.

  • Runtime errors: Contracts that call the functions may encounter errors when attempting to process return values.

  • Mishandling of return values: Return values will not be handled properly by other contracts or users relying on the interface.

  • User confusion: The inconsistency in return values may lead to confusion for users interacting with the contract.

Vulnerability Details

The mismatch between the IAlchemist interface and the actual Alchemist contract can result in the following vulnerabilities:

  • Inconsistent Contract Behavior: Since the interface does not reflect the actual function signatures (especially return values), any contract that interacts with the IAlchemist interface could either:

    • Fail to capture the return values from functions.

    • Misinterpret return values, leading to incorrect logic or unexpected behavior.

  • Possible Runtime Failures: If any contract expects the interface functions to follow the specified signatures (without return values), and the functions in the Alchemist contract return values, it can cause errors at runtime. This can potentially halt contract execution or lead to unintended consequences.

  • Inaccurate User Expectations: Users interacting with contracts that implement the IAlchemist interface may assume functions are return-free (as the interface suggests), leading to confusion when return values are unexpectedly provided.

Tools Used

Manual Review

Recommendations

To resolve the issue, it is recommended to update the IAlchemist interface to include the correct return values for the affected functions. Below is an updated version of the interface with the return values included:

- function depositUnderlying(address yieldToken, uint256 amount, address rec, uint256 minOut) external;
+ function depositUnderlying(address yieldToken, uint256 amount, address rec, uint256 minOut) external returns (uint256);
- function repay(address _underlying, uint256 _amount, address _recipient) external;
+ function repay(address _underlying, uint256 _amount, address _recipient) external returns (uint256);
- function burn(uint256 _amount, address _recipient) external;
+ function burn(uint256 _amount, address _recipient) external returns (uint256);

Updating the interface as shown will ensure consistency between the interface and contract implementations, preventing potential runtime errors and user confusion.

Updates

Appeal created

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
theirrationalone Submitter
5 months ago
inallhonesty Lead Judge
5 months ago
inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.