Tags: DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: high
Invalid

Potential race condition in DEX trades

In all three strategy contracts, the claimAndSwap function performs a sequence of operations that could be exposed to MEV and sandwich attacks: it claims WETH from the transmuter and then performs a DEX swap, checking the minimum output amount only at the end.

transmuter.claim(_amountClaim, address(this));
uint256 balBefore = asset.balanceOf(address(this));
_swapUnderlyingToAsset(_amountClaim, _minOut, _path);
uint256 balAfter = asset.balanceOf(address(this));
require((balAfter - balBefore) >= _minOut, "Slippage too high");

This creates a window in which arbitrageurs can frontrun the swap to move the price and extract value, then backrun to restore it. The minimum output check only caps slippage at _minOut; it does not prevent MEV extraction within that tolerance.
The issue is exacerbated by the fact that these functions are permissionless (requiring only the keeper role) and the claimed amounts are visible in the mempool before the swap executes.
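To make the "caps slippage but does not prevent extraction" point concrete, here is an added constant-product pool model (example code, not from the Alchemix strategies) that mirrors the swap-then-require sequence and measures what the _minOut check does and does not bound; all reserves, amounts and the fee are constructed values.

```python
# Added example (not code from the Alchemix strategies): a constant-product
# pool model quantifying what the `_minOut` check in claimAndSwap bounds.
# All reserves, amounts and the fee below are constructed, not live values.
from dataclasses import dataclass

FEE_BPS = 30  # hypothetical 0.30% pool fee


@dataclass
class Pool:
    weth: int   # reserve of the claimed token
    asset: int  # reserve of the strategy's asset


def swap_weth_for_asset(pool: Pool, amount_in: int) -> int:
    """x*y=k swap: move amount_in WETH into the pool, return asset out."""
    net_in = amount_in * (10_000 - FEE_BPS) // 10_000
    out = pool.asset * net_in // (pool.weth + net_in)
    pool.weth += amount_in
    pool.asset -= out
    return out


def claim_and_swap(pool: Pool, amount_claim: int, min_out: int) -> int:
    """Mirror of the strategy's sequence: swap first, enforce the floor after."""
    received = swap_weth_for_asset(pool, amount_claim)
    if received < min_out:
        raise ValueError("Slippage too high")  # the require() in the strategy
    return received


def simulate(front_run_in: int, min_out: int, amount_claim: int = 10_000):
    """Return (honest_out, sandwiched_out); sandwiched_out is None when the
    strategy's check reverts after a front-run of size front_run_in."""
    honest = claim_and_swap(Pool(1_000_000, 1_000_000), amount_claim, 0)
    pool = Pool(1_000_000, 1_000_000)
    swap_weth_for_asset(pool, front_run_in)  # price moved before the claim
    try:
        sandwiched = claim_and_swap(pool, amount_claim, min_out)
    except ValueError:
        sandwiched = None
    return honest, sandwiched


def max_extractable(honest_out: int, min_out: int) -> int:
    """Largest loss to ordering the check still accepts: honest minus floor."""
    return honest_out - min_out
```

A tight _minOut (computed off-chain from a fresh quote) shrinks max_extractable toward zero, while _minOut of 0 leaves the loss unbounded by the check.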

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyArb.sol#L71

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyMainnet.sol#L92

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L79

Updates

Appeal created

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
