Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Claim Amount Not Verified - Risk of Overwhelming Liquidity in claimAndSwap function

nitinaimshigh

Summary

The claimAndSwap function does not verify or limit the _amountClaim parameter, which could potentially allow a large amount of WETH to be claimed from the transmuter. Without any checks, this could overwhelm the liquidity available for swapping, causing poor swap conditions, excessive price slippage, or unintended behavior in the contract due to insufficient liquidity.

Vulnerability Details

function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IRamsesRouter.route[] calldata _path) external onlyKeepers {

transmuter.claim(_amountClaim, address(this));

uint256 balBefore = asset.balanceOf(address(this));

_swapUnderlyingToAsset(_amountClaim, _minOut, _path);

uint256 balAfter = asset.balanceOf(address(this));

require((balAfter - balBefore) >= _minOut, "Slippage too high");

transmuter.deposit(asset.balanceOf(address(this)), address(this));

}

Lack of Claim Verification: The _amountClaim parameter, which specifies the amount of WETH to claim from the transmuter, is not verified or limited in the current implementation. A malicious or accidental large claim could drain the liquidity pool, resulting in poor execution of the swap or even a failed transaction due to insufficient liquidity.

Impact on Liquidity: Without a cap or check on the amount that can be claimed, the contract may end up with a significant imbalance or insufficient liquidity, leading to suboptimal trading conditions for the contract and its users.

Potential Exploitation: A malicious actor could attempt to claim a large amount of WETH to manipulate the liquidity pool, affecting swap outcomes and possibly causing financial losses.

Impact

Severity: Medium

Allowing unchecked claim amounts can lead to unintended behavior, such as suboptimal swaps or high slippage. While it may not directly compromise the security of the contract, it can negatively impact its operational efficiency and cause financial losses.

Likelihood: Medium

Impact Magnitude: Medium to High

Example Scenarios

Large Claims During Low Liquidity:
A keeper claims a large amount of WETH during a period of low liquidity in the swap pool, leading to excessive slippage or failed transactions.
Keeper Exploitation:
A keeper deliberately claims a large amount, triggering suboptimal swaps, and potentially benefiting through a related arbitrage position.

Tools Used

Manual Review

Recommendations

Limit the Claim Amount: Implement a cap on the _amountClaim parameter to ensure it is within reasonable bounds. This could be based on the current liquidity of the pool, or a fixed maximum claim amount set by the contract owner or governance.

Example:

uint256 public maxClaimAmount = 1000 ether; // Set a max claim cap (adjust as necessary)

function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IRamsesRouter.route[] calldata _path) external onlyKeepers {

require(_amountClaim <= maxClaimAmount, "Claim amount exceeds limit");

transmuter.claim(_amountClaim, address(this));

// Further implementation...

}

Updates

Appeal created

inallhonesty Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!