DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: medium
Invalid

Inadequate Price Validation in Swaps

Summary

StrategyArb does not properly validate the exchange rate during token swaps in the _swapUnderlyingToAsset function. The only check ensures that minOut is greater than _amount, which is insufficient. A malicious or negligent keeper can exploit this by setting a minOut that lets the swap execute at an unfavorable rate, causing financial loss to the strategy.

Vulnerability Details

  • Insufficient Validation:

    • The function checks if minOut > _amount but does not verify if the exchange rate is favorable.

    function _swapUnderlyingToAsset(uint256 _amount, uint256 minOut, IRamsesRouter.route[] calldata _path) internal {
        require(minOut > _amount, "minOut too low");
        // Proceed with swap
    }

  • Dependence on Keeper:

    • The keeper provides the minOut parameter without any upper or lower bounds enforced by the contract.

    • There is no use of an oracle or other mechanism to verify market rates.

  • Potential Exploit:

    • A keeper can set minOut to a value just above _amount, accepting a poor exchange rate.

    • The strategy ends up receiving fewer asset tokens than expected, resulting in a loss.

Impact

  • Financial Loss:

    • The strategy may lose value due to unfavorable exchange rates during swaps.

  • Keeper Manipulation:

    • Malicious keepers can intentionally cause the strategy to engage in bad trades.

  • Performance Degradation:

    • The overall returns of the strategy are negatively affected.

Proof of Concept (POC)

  1. Keeper's Action:

    • The keeper sets minOut to a value marginally greater than _amount, disregarding the actual market rate.

    • For example, _amount = 100 and minOut = 101, even though the market rate should yield 150 units of asset.

  2. Swap Execution:

    • The swap is executed based on the low minOut.

    • The require check passes since 101 > 100.

  3. Result:

    • The strategy swaps 100 units of underlying but receives only 101 units of asset instead of the fair market value.

    • The strategy incurs a significant loss.

Recommendations

  • Implement Oracle-based Price Checks:

    • Use a trusted price oracle (e.g., Chainlink) to get the current exchange rate between underlying and asset.

    function _swapUnderlyingToAsset(uint256 _amount, uint256 minOut, IRamsesRouter.route[] calldata _path) internal {
        // Assumed: asset per unit of underlying; a fixed-point oracle answer must also be divided by its scale.
        uint256 currentRate = getOraclePrice(); // Implement this function
        // Assumed: acceptableSlippage is a percentage (0-100).
        uint256 expectedMinOut = (_amount * currentRate * (100 - acceptableSlippage)) / 100;
        require(minOut >= expectedMinOut, "Slippage too high");
        // Proceed with swap
    }

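
One way to enforce the oracle bound recommended above, as an added example (not StrategyArb code and not part of the submission). It assumes a Chainlink-style feed that quotes asset per unit of underlying and tokens with equal decimals; OracleBoundedSwap, minOutFloor and _checkMinOut are hypothetical names. It goes beyond the recommendation by rejecting stale or non-positive answers and scaling by the feed's decimals.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal Chainlink feed interface, declared inline so the example is self-contained.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData() external view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Hypothetical helper, not StrategyArb code. Assumes the feed quotes asset per
// 1 underlying and that both tokens use the same number of decimals.
abstract contract OracleBoundedSwap {
    uint256 internal constant BPS = 10_000;
    AggregatorV3Interface public immutable feed; // assumed underlying/asset feed
    uint256 public immutable maxSlippageBps;     // e.g. 100 = 1%
    uint256 public immutable maxStaleness;       // seconds, e.g. 3600

    constructor(AggregatorV3Interface _feed, uint256 _maxSlippageBps, uint256 _maxStaleness) {
        require(_maxSlippageBps < BPS, "slippage >= 100%");
        feed = _feed;
        maxSlippageBps = _maxSlippageBps;
        maxStaleness = _maxStaleness;
    }

    // Lowest minOut the contract accepts for swapping `_amount` of underlying.
    function minOutFloor(uint256 _amount) public view returns (uint256) {
        (, int256 answer, , uint256 updatedAt, ) = feed.latestRoundData();
        require(answer > 0, "bad oracle price");
        require(block.timestamp - updatedAt <= maxStaleness, "stale oracle price");
        // Fair output at the oracle rate, with the feed's fixed-point scale removed.
        uint256 fair = (_amount * uint256(answer)) / (10 ** feed.decimals());
        // Allow at most maxSlippageBps below the fair output.
        return (fair * (BPS - maxSlippageBps)) / BPS;
    }

    // The keeper-supplied minOut is bounded by the oracle floor, not by _amount.
    function _checkMinOut(uint256 _amount, uint256 minOut) internal view {
        require(minOut >= minOutFloor(_amount), "minOut below oracle floor");
    }
}
```

With the figures from the proof of concept (_amount = 100, fair output 150) and a 1% tolerance, the floor is 148, so a keeper-supplied minOut of 101 reverts.
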
Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
