Keepers call the claimAndSwap
function when alETH
is worth more than 1 WETH
(e.g., 1 alETH = 1.01 WETH)
, aiming to take advantage of the premium. However, an attacker can exploit this by frontrunning the keepers' transaction with a tiny "dust" transaction.
Suppose that after the attacker's transactions executes, the price drops back to 1 alETH = 1 WETH or even lower by the time the keepers' transaction is processed. This enables the attacker to effectively steal the opportunity to swap at a premium.
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#L92
keepers won't be able to swap at a premium.
Use the get_dy
function from Curve or similar pricing methods to estimate the swap's outcome before executing the transaction.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.