Alchemix Transmuter

Description

If the asset or underlying tokens are upgradeable or proxy contracts, their logic can be changed by the token's admin. This could introduce new functionalities or vulnerabilities, such as pausing, blacklisting, fees on transfer, or even malicious behavior.

Since the strategy relies on the consistent behavior of these tokens, changes to their implementation could have unforeseen consequences.

Impact

• Unexpected Token Behavior: Changes to the token's logic may cause the strategy to malfunction or behave unexpectedly.

• Security Risks: Malicious upgrades could introduce backdoors or exploits that compromise the strategy.

• Funds At Risk: The strategy's assets could be stolen, locked, or otherwise manipulated.

Proof of Concept (PoC)

1. Scenario:

   • The underlying token is an upgradeable contract controlled by an admin.

   • The admin upgrades the token to implement transfer fees or to revert transfers to certain addresses.

2. Outcome:

   • The strategy's operations start failing due to unexpected token behavior.

   • Funds could be lost or locked within the contract.

Recommendations

• Assess the Upgradeability of Tokens:

  • Determine whether the tokens are upgradeable and assess the risks associated with potential upgrades.

• Monitor for Token Upgrades:

  • Set up monitoring to detect when a token contract is upgraded.

• Implement Safeguards Against Changes:

  • Include logic to detect changes in the token's code or behavior, and halt operations if anomalies are detected.

    bytes32 public underlyingCodeHash;

    ​

    constructor(

    // ...

    ) {

    // ...

    underlyingCodeHash = keccak256(abi.encodePacked(address(underlying).code));

    }

    ​

    function checkUnderlyingCode() internal view {

    require(keccak256(abi.encodePacked(address(underlying).code)) == underlyingCodeHash, "Underlying token code changed");

    }