Tags: DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: low
Status: Invalid

An attacker can front-run keepers and take the opportunity to swap at a premium away from them.

Summary

Keepers call the claimAndSwap function when the pool offers a favourable rate, i.e. when the WETH claimed from the transmuter buys strictly more alETH than was put in (for example 1 WETH = 1.01 alETH); the `require(_minOut > _amountClaim, "minOut too low")` check in the function only lets the call through in that case. Because the keeper's transaction sits in the public mempool, an attacker can front-run it with a swap of their own in the same direction and take the favourable rate first. (A tiny "dust" transaction does not do this; only a swap large enough to move the pool price has the effect described below.)

Once the attacker's swap executes, the pool price has moved back toward 1 WETH = 1 alETH, or beyond it, by the time the keeper's transaction is processed. The keeper's swap then no longer clears `_minOut` and reverts, so the attacker has effectively taken the opportunity to swap at a premium.

Vulnerability Details

function claimAndSwap(
    uint256 _amountClaim,
    uint256 _minOut,
    uint256 _routeNumber
) external onlyKeepers {
    // Pull _amountClaim of underlying (WETH) out of the transmuter.
    transmuter.claim(_amountClaim, address(this));
    uint256 balBefore = asset.balanceOf(address(this));
    // The swap must return strictly more asset (alETH) than the WETH put in.
    require(_minOut > _amountClaim, "minOut too low");
    // Swap the claimed WETH for asset through the configured Curve route;
    // the router itself reverts if the output is below _minOut.
    router.exchange(
        routes[_routeNumber],
        swapParams[_routeNumber],
        _amountClaim,
        _minOut,
        pools[_routeNumber],
        address(this)
    );
    uint256 balAfter = asset.balanceOf(address(this));
    // Second guard on the amount actually credited to the strategy.
    require((balAfter - balBefore) >= _minOut, "Slippage too high");
    // Redeposit the whole asset balance into the transmuter.
    transmuter.deposit(asset.balanceOf(address(this)), address(this));
}

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#L92

Impact

Keepers cannot swap at the favourable rate. The front-run transaction reverts on its `_minOut` check, so the strategy loses no funds, but the extra alETH the swap would have brought it goes to the attacker instead.

Recommendations

Quote the swap with Curve's get_dy function (or a comparable pricing call) before submitting the transaction, and derive `_minOut` from that quote so the call only goes through at the expected rate. Note that `_minOut` already turns a front-run into a revert rather than a loss, so an on-chain quote at execution time adds little on its own; to keep the opportunity itself from being taken, the keeper also has to stop the transaction from being visible in the public mempool, for example by submitting it through a private transaction relay.
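To make the two orderings concrete, here is an added simulation (written for this page, not code from the Alchemix repository) that reproduces the checks of claimAndSwap above, derives `_minOut` from a get_dy quote as recommended, and mines an attacker's same-direction swap ahead of the keeper. It assumes a constant-product pool rather than Curve's stableswap invariant, a transmuter claim that simply credits the strategy with `amount_claim` WETH, and constructed reserves; the names `Pool`, `Strategy`, `keeper_min_out` and `keeper_outcome` are hypothetical.

```python
"""Simulation of the front-running scenario in the finding above.

Added illustration, not Alchemix code. The pool is a constant-product AMM
(a simplification: the real Curve pool uses the stableswap invariant, so exact
numbers differ), amounts are integer wei, and transmuter.claim is assumed to
simply hand the strategy `amount_claim` WETH.
"""
from dataclasses import dataclass

WAD = 10**18


class SwapReverted(Exception):
    """Stands in for an EVM revert with the given reason string."""


@dataclass
class Pool:
    """WETH/alETH pool; WETH is the input side of the keeper's swap."""
    reserve_weth: int
    reserve_aleth: int

    def get_dy(self, dx: int) -> int:
        """Quote alETH out for dx WETH in (no fee), like Curve's get_dy view."""
        return dx * self.reserve_aleth // (self.reserve_weth + dx)

    def exchange(self, dx: int, min_dy: int) -> int:
        """Execute the swap; the router reverts when the output is below min_dy."""
        dy = self.get_dy(dx)
        if dy < min_dy:
            raise SwapReverted("router: dy below min_dy")
        self.reserve_weth += dx
        self.reserve_aleth -= dy
        return dy


@dataclass
class Strategy:
    """Reproduces claimAndSwap's checks: minOut > amountClaim, then balAfter - balBefore >= minOut."""
    pool: Pool
    aleth_balance: int = 0

    def claim_and_swap(self, amount_claim: int, min_out: int) -> int:
        # transmuter.claim(_amountClaim, address(this)): assumed to credit amount_claim WETH.
        bal_before = self.aleth_balance
        if not min_out > amount_claim:
            raise SwapReverted("minOut too low")
        self.aleth_balance += self.pool.exchange(amount_claim, min_out)
        # Belt-and-braces check; the router already enforced min_out above.
        if self.aleth_balance - bal_before < min_out:
            raise SwapReverted("Slippage too high")
        # transmuter.deposit(...) would follow; the alETH gained is returned instead.
        return self.aleth_balance - bal_before


def keeper_min_out(pool: Pool, amount: int, margin_bps: int) -> int:
    """Off-chain keeper logic (the recommendation): quote get_dy, allow margin_bps of
    slippage, but never go below the contract's own floor of amount + 1 wei."""
    quoted = pool.get_dy(amount)
    return max(quoted * (10_000 - margin_bps) // 10_000, amount + 1)


def fresh_pool() -> Pool:
    # Constructed state: 1 WETH buys about 1.03 alETH, so the swap is worth taking.
    return Pool(reserve_weth=1_000 * WAD, reserve_aleth=1_030 * WAD)


def keeper_outcome(attacker_dx: int, amount_claim: int = 10 * WAD, margin_bps: int = 50):
    """Mine the attacker's same-direction swap first (0 = no front-run), then the keeper's.
    Returns ("ok", aleth_received) or ("revert", reason)."""
    pool = fresh_pool()
    # The keeper quotes before the attacker's transaction lands.
    min_out = keeper_min_out(pool, amount_claim, margin_bps)
    if attacker_dx:
        pool.exchange(attacker_dx, 0)  # attacker takes the favourable rate first
    try:
        return "ok", Strategy(pool).claim_and_swap(amount_claim, min_out)
    except SwapReverted as err:
        return "revert", str(err)


if __name__ == "__main__":
    print("no front-run:        ", keeper_outcome(0))
    print("0.001 WETH front-run:", keeper_outcome(WAD // 1000))
    print("20 WETH front-run:   ", keeper_outcome(20 * WAD))
```

Running it shows the keeper's swap succeeding when it is mined first, still succeeding after a 0.001 WETH front-run (a dust trade barely moves the quote), and reverting with the router's min_dy check after a 20 WETH front-run. In no ordering does the strategy lose funds, which is what `_minOut` buys; what the front-run takes is the rate.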

Updates

Lead Judging Commences

inallhonesty (Lead Judge), 12 months ago

Appeal created

inallhonesty (Lead Judge), 12 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

[INVALID] Lack of mechanism to ensure premium swaps
