Alchemix Transmuter

Description

In the _swapUnderlyingToAsset function, the strategy uses block.timestamp as the deadline parameter for the swapExactTokensForTokens function:

Using block.timestamp without adding a time buffer can lead to swaps failing if the transaction is mined in the next block after the one in which it was submitted. This can cause operational issues and prevent swaps from occurring as intended.

Impact

• Failed Transactions: Swaps may fail unexpectedly due to strict timing, leading to wasted gas fees and delays in strategy operations.

• Operational Inefficiency: Frequent transaction failures can hinder the strategy's performance and responsiveness.

• Potential Loss of Opportunities: Missing timely swaps may result in lost opportunities to capitalize on favorable market conditions.

Proof of Concept (PoC)

1. Scenario:

   • The swapExactTokensForTokens call is included in a block mined after the current block.

   • The block.timestamp has advanced beyond the specified deadline.

2. Effect:

   • The swap fails due to the exceeded deadline.

   • The transaction reverts, incurring gas costs without achieving the desired outcome.

3. Consequence:

   • Operational delays as the swap must be retried.

   • Increased gas costs due to failed transactions.

Recommendations

• Add a Time Buffer to Deadlines:
  Include a reasonable time buffer when setting the deadline to allow for transaction mining delays.

  uint256 deadline = block.timestamp + 600; // 10 minutes buffer

  IVeloRouter(router).swapExactTokensForTokens(

  _amount,

  minOut,

  _path,

  address(this),

  deadline

  );