DeFiFoundrySolidity
16,653 OP
Submission Details
Severity: low
Invalid

Missing validation in `StrategyMainnet::ClaimAndSwap()`

Summary

The claimAndSwap function claims WETH from the transmuter and swaps it for alETH at a premium. However, the _routeNumber parameter is never checked against the routes mapping, so the caller can pass a route index that was never registered.

Vulnerability Details

In the provided claimAndSwap function, _routeNumber is used directly as the key into routes, swapParams, and pools without any validation:

```solidity
router.exchange(
    routes[_routeNumber],
    swapParams[_routeNumber],
    _amountClaim,
    _minOut,
    pools[_routeNumber],
    address(this)
);
```

If an invalid _routeNumber is passed, the function reads nonexistent entries from the mappings (routes, swapParams, or pools) and forwards them to the router.

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#L92

Impact

  • By reverting, the keeper might miss the opportunity to execute the swap, especially in a volatile market.

  • If an invalid _routeNumber is used, the transaction will fail, leading to disruptions in functionality, especially for keepers relying on this function to operate effectively.

  • Unvalidated _routeNumber values may expose the system to avoidable errors, reducing the reliability of the function.

Recommendations

Validate the _routeNumber parameter to ensure it is within the bounds of the registered routes before accessing the mappings:

```diff
+ require(_routeNumber < nRoutes, "Invalid route number");
```

By adding this check, the system ensures that _routeNumber always references an existing and valid route, preventing potential errors or vulnerabilities.
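Added example (not code from the audited repository): a stripped-down strategy with the same three mappings and the recommended bounds check, plus a Foundry test showing that an unregistered index now reverts with a clear reason instead of forwarding empty arrays to the router. MockRouter, BoundedStrategy and addRoute are hypothetical stand-ins, and the array types are assumed to match the router the strategy calls.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical router: a real router would fail on a zero-address route;
// this mock fails the same way but with a recognisable reason string.
contract MockRouter {
    function exchange(address[11] calldata route, uint256[5][5] calldata, uint256 amount,
                      uint256, address[5] calldata, address) external pure returns (uint256) {
        require(route[0] != address(0), "router: empty route");
        return amount;
    }
}

// Hypothetical strategy mirroring the mapping layout of the report, with the check applied.
contract BoundedStrategy {
    MockRouter public router;
    uint256 public nRoutes; // number of registered routes; valid keys are 0..nRoutes-1
    mapping(uint256 => address[11]) internal routes;
    mapping(uint256 => uint256[5][5]) internal swapParams;
    mapping(uint256 => address[5]) internal pools;

    constructor(MockRouter _router) { router = _router; }

    function addRoute(address[11] calldata r, uint256[5][5] calldata p, address[5] calldata pl) external {
        routes[nRoutes] = r; swapParams[nRoutes] = p; pools[nRoutes] = pl;
        nRoutes++;
    }

    function claimAndSwap(uint256 amountClaim, uint256 minOut, uint256 routeNumber) external returns (uint256) {
        require(routeNumber < nRoutes, "Invalid route number"); // recommended bounds check
        return router.exchange(routes[routeNumber], swapParams[routeNumber], amountClaim, minOut,
                               pools[routeNumber], address(this));
    }
}

contract BoundedStrategyTest is Test {
    BoundedStrategy s;

    function setUp() public {
        s = new BoundedStrategy(new MockRouter());
        address[11] memory r; r[0] = address(0xBEEF); // constructed sample route
        uint256[5][5] memory p; address[5] memory pl;
        s.addRoute(r, p, pl);                          // registers route 0, nRoutes == 1
    }

    function testRegisteredRouteSwaps() public {
        assertEq(s.claimAndSwap(1 ether, 1 ether, 0), 1 ether);
    }

    function testUnregisteredRouteRevertsBeforeRouter() public {
        vm.expectRevert(bytes("Invalid route number"));
        s.claimAndSwap(1 ether, 1 ether, 1); // index 1 was never registered
    }
}
```

Without the require, the second test would instead see "router: empty route" (or an opaque failure from a real router), which is the behaviour the Vulnerability Details section describes.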

Updates

Appeal created

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
