Summary

The _swapUnderlyingToAsset function contains a validation check that requires the minOut parameter to be greater than the _amount being swapped.

This condition is intended to ensure that the minimum amount of tokens (alETH) expected from the swap (minOut) is reasonable. However, this validation is flawed because it assumes that the input token amount (minOut) must always be greater than the input token _amount. This assumptions does not account for scenarios whereby the price of alETH is less than 1:1 compared to WETH.
For example:

• If alETH is worth 2 WETH, then a valid swap of 1 WETH might result in receiving 0.5 alETH.

• In a such a scenario the require(minOut > _amount condition would incorrectly revert the transaction, even tho the swap would have been favourable.

Impact

1. Legitimate Swap May Be Rejected:

• The strict minOut > _amount condition could cause valid swaps to fail unnecessary in cases where the price ratio is not 1:1.

• For example, if the output token (alETH) is worth more than the input token (WETH) per unit, a valid swap would produce fewer alETH than WETH input. This would be rejected despite being favourable for the contract.

1. Operational Inefficiency:

• By rejecting valid swaps, this bug could prevent the strategy from executing profitable trades, reducing the overall efficiency of the contract.

1. Missed Arbitrage Opportunities:

• The inability to perform swaps due to this restriction might result in missed opportunities to take advantage of price discrepancies between WETH and alETH.

Tools Used

Unit Testing

Recommendations

The validation logic should be modified to account for price differentiate between WETH and alETH, using either

• An oracle-based price ratio to determine whether the minOut value is reasonable

This ensures that minOut refelts a realistic minimum amount of alETH based on current market prices.

• A dynamic threshold based on expected swap outcomes.