DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: low
Invalid

ITransmuter interface contains functions with the view modifier. Contracts and users may face unintended gas wastage, information leakage, and storage and state updates.

Summary

The ITransmuter interface, located in the interfaces folder, defines several functions that use the view modifier. However, the actual Transmuter contract(s) implement these functions without the view modifier, which causes unintended gas wastage, information leaks and undesired state updates. This oversight could lead to a confidential information leak, which is the more prominent issue compared to gas wastage.

ITransmuter interface:

// @info: getClaimableBalance is declared view but the actual function is not,
// therefore leaking information
function getClaimableBalance(address _owner) external view returns (uint256);
// @info: getExchangedBalance is declared view but the actual function is not,
// therefore leaking information
function getExchangedBalance(address _owner) external view returns (uint256);
// @info: getUnexchangedBalance is declared view but the actual function is not,
// therefore leaking information
function getUnexchangedBalance(address _owner) external view returns (uint256);

Contracts utilizing this interface may experience information leakage and state updates which were not intended to happen.

Impact

  • Unintentional gas wastage

  • Undesired state updates

  • Storage wastage

  • Confusion among users

  • Sensitive information leaks

Tools Used

Manual Review

Recommendations

To resolve the issue, it is recommended to update the ITransmuter interface to remove the view modifier from the affected functions. Below is an updated version of the interface without the view modifier:

- function getClaimableBalance(address _owner) external view returns (uint256);
+ function getClaimableBalance(address _owner) external returns (uint256);
- function getExchangedBalance(address _owner) external view returns (uint256);
+ function getExchangedBalance(address _owner) external returns (uint256);
- function getUnexchangedBalance(address _owner) external view returns (uint256);
+ function getUnexchangedBalance(address _owner) external returns (uint256);
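
Review bot: dropping view from all three get*Balance declarations (every + line) changes what integrators can do with the interface, and the patch does not say why that cost is acceptable. A function declared without view cannot be called from a view function, and external calls made through the interface are no longer compiled as STATICCALL. If the implementations only read state, the smaller change is to mark the implementations view and leave these declarations untouched; if they do write state, each declaration should carry a comment stating what is written so callers can see it.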

Updating the interface as shown will ensure consistency between the interface and contract implementations, preventing potential gas and storage wastage, state updates, and information leaks.
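
A way to check interface and implementation consistency mechanically, as an added example that is not part of the submission or the project's code: it compares the stateMutability of each function in two compiler-emitted ABI JSON arrays. The ABI fragments are constructed to mirror the mismatch the submission describes, and the helper names (mutability, signature, compare_abis) are hypothetical.

```python
# Ordered from most to least restrictive state access.
RANK = {"pure": 0, "view": 1, "nonpayable": 2, "payable": 3}

def mutability(entry):
    """Read stateMutability, falling back to the legacy constant/payable flags."""
    if "stateMutability" in entry:
        return entry["stateMutability"]
    if entry.get("constant"):
        return "view"
    return "payable" if entry.get("payable") else "nonpayable"

def signature(entry):
    """Key a function by name and input types, e.g. getClaimableBalance(address)."""
    return entry["name"] + "(" + ",".join(i["type"] for i in entry.get("inputs", [])) + ")"

def compare_abis(interface_abi, implementation_abi):
    """Return (signature, interface, implementation, kind) for every disagreement."""
    impl = {signature(e): mutability(e)
            for e in implementation_abi if e.get("type") == "function"}
    findings = []
    for e in interface_abi:
        if e.get("type") != "function":
            continue
        sig, want = signature(e), mutability(e)
        got = impl.get(sig)
        if got is None:
            findings.append((sig, want, None, "missing"))
        elif got != want:
            # "looser": the implementation may touch more state than promised.
            kind = "looser" if RANK[got] > RANK[want] else "stricter"
            findings.append((sig, want, got, kind))
    return findings

def _getter(name, mut):
    """Constructed ABI entry for name(address) returns (uint256)."""
    return {"type": "function", "name": name, "stateMutability": mut,
            "inputs": [{"name": "_owner", "type": "address"}],
            "outputs": [{"name": "", "type": "uint256"}]}

# Constructed sample data, not the project's real ABIs.
NAMES = ["getClaimableBalance", "getExchangedBalance", "getUnexchangedBalance"]
INTERFACE_ABI = [_getter(n, "view") for n in NAMES]
IMPLEMENTATION_ABI = [_getter(n, "nonpayable") for n in NAMES]

if __name__ == "__main__":
    for sig, want, got, kind in compare_abis(INTERFACE_ABI, IMPLEMENTATION_ABI):
        print(f"{sig}: interface={want} implementation={got} ({kind})")
```

Tuple parameters appear as the bare type tuple in this signature key, so overloaded functions that differ only in struct layout would need the components expanded.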

Updates

Appeal created

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
