Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Logic Error in claimAndSwap Function

0xkann

Summary
In `StrategyMainnet.sol` checking the balanceOf the asset in the contract after transmuter.claim is inccorect and causes the function to always revert

require((balAfter - balBefore) >= _minOut, "Slippage too high");

Vulnerability Details

balBefore is set after claim which is incorrect since it cant keep a track of the tokens in address(this)
Since trasmuter.claim transfers tokens to address(this) the amount is updated, the exchange doesnt do anything that will cause a change of this count since it exchanges 1:1 from the underylying to synthetic token. This improper place for getting balanceOf the contract then results in faul in

https://github.com/alchemix-finance/v2-foundry/blob/master/src/TransmuterV2.sol#L238-L250
https://github.com/alchemix-finance/v2-foundry/blob/master/src/TransmuterBuffer.sol#L345-L363

Proof that claim actually transfers tokens (WETH) to address(this). and thats why the balanceOf should be updated before calling claim

require((balAfter - balBefore) >= _minOut, "Slippage too high");

function claimAndSwap(

uint256 _amountClaim,

uint256 _minOut,

uint256 _routeNumber

) external onlyKeepers {

transmuter.claim(_amountClaim, address(this));

uint256 balBefore = asset.balanceOf(address(this));

require(_minOut > _amountClaim, "minOut too low");

router.exchange(

routes[_routeNumber],

swapParams[_routeNumber],

_amountClaim,

_minOut,

pools[_routeNumber],

address(this)

);

uint256 balAfter = asset.balanceOf(address(this));

require((balAfter - balBefore) >= _minOut, "Slippage too high");

transmuter.deposit(asset.balanceOf(address(this)), address(this));

}

Impact

Not being able to Claim underlying token like WETH and swap it back to Alchemix token.

Tools Used

Recommendations
Update the balanceOf before calling transmuter.claim

Updates

Appeal created

inallhonesty Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.