Submission Details
Severity: low
Invalid

Unbounded Growth of `nRoutes` Leading to Potential Gas Limit Issues

Summary

The addRoute function in the contract increments the nRoutes counter indefinitely without imposing any upper limit. This unbounded growth can result in gas exhaustion, operational inefficiencies, and potential denial-of-service (DoS) conditions. Without proper safeguards, the protocol is vulnerable to route flooding attacks or unintended operational constraints.

Technical Details

Root Cause

The addRoute function continuously increments the nRoutes counter and appends new routes to mappings (routes, swapParams, pools) without enforcing a cap on the total number of routes. This design allows unrestricted addition of routes, leading to exponential gas consumption during route enumeration or processing.

Vulnerable Code

```solidity
uint256 public nRoutes = 0;

function addRoute(
    address[11] calldata _route,
    uint256[5][5] calldata _swapParams,
    address[5] calldata _pools
) external onlyManagement {
    // No upper bound on nRoutes is checked before the next slot is written.
    routes[nRoutes] = _route;
    swapParams[nRoutes] = _swapParams;
    pools[nRoutes] = _pools;
    nRoutes++;
}
```

Potential Attack Scenarios

Scenario 1: Route Flooding

  1. Setup: A malicious Manager exploits their role to call addRoute repeatedly, adding a large number of routes to the mappings.

  2. Execution: The nRoutes counter grows indefinitely, increasing storage usage and operational overhead.

  3. Impact: Critical functions that depend on or iterate over routes (e.g., claimAndSwap) fail due to gas constraints, effectively halting the protocol.

Scenario 2: Gas Consumption Spike

  1. Setup: During operations, a function such as claimAndSwap processes or references all routes added to the contract.

  2. Execution: The gas cost of processing grows linearly with the number of routes, eventually exceeding block gas limits.

  3. Impact: Transactions fail, user deposits and withdrawals are disrupted, and yield generation halts.

Scenario 3: Storage Bloat

  1. Setup: The contract accumulates a large number of inactive or obsolete routes over time.

  2. Execution: Storage usage grows, leading to higher operational costs for all users interacting with the contract.

  3. Impact: Reduced efficiency, increased transaction fees, and degraded user experience.

Impact

  1. Operational Risk: Unrestricted growth in nRoutes disrupts core functions, potentially leading to protocol downtime.

  2. Gas Exhaustion: Iterative operations on excessively large route mappings become infeasible, risking DoS conditions.

  3. Financial Risk: Users experience delayed or failed transactions, undermining trust in the protocol.

Mitigation Recommendations

1. Route Addition Caps

Set a maximum limit on the number of routes that can be added, preventing unbounded growth:

```solidity
uint256 public constant MAX_ROUTES = 100;

function addRoute(
    address[11] calldata _route,
    uint256[5][5] calldata _swapParams,
    address[5] calldata _pools
) external onlyManagement {
    // Reject the call once the cap is reached, before any storage write.
    require(nRoutes < MAX_ROUTES, "Maximum number of routes reached");
    routes[nRoutes] = _route;
    swapParams[nRoutes] = _swapParams;
    pools[nRoutes] = _pools;
    nRoutes++;
}
```

2. Route Removal Mechanism

Enable authorized roles to remove or deactivate unused routes:

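```solidity
function removeRoute(uint256 routeIndex) external onlyManagement {
    require(routeIndex < nRoutes, "Invalid route index");
    // Clears the slot in place. nRoutes is not decremented, so the other
    // indices stay stable and the cleared slot still counts toward nRoutes.
    delete routes[routeIndex];
    delete swapParams[routeIndex];
    delete pools[routeIndex];
}
```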

3. Periodic Cleanup

Implement automated or administrative processes to clean up obsolete routes, ensuring efficient resource usage.

Proof of Concept (PoC)

Steps to Exploit:

  1. Deploy the contract with the current addRoute implementation.

  2. Use a script or bot to call addRoute repeatedly, incrementing nRoutes indefinitely.

  3. Attempt to execute a function that iterates over or relies on routes.

  4. Observe the transaction failure due to gas exhaustion or increased storage usage.

Expected Fix Behavior:

  1. Attempt to add more routes than the specified MAX_ROUTES limit.

  2. Observe a revert with the message: "Maximum number of routes reached."

  3. Remove unnecessary routes and verify that mappings and storage are updated correctly.
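The cap and the removal function recommended above interact: the submission's `removeRoute` clears a slot without decrementing `nRoutes`, so removed routes would still count against `MAX_ROUTES`. The following is an added example, not code from the submission or the audited project, showing one way to make the two compose with swap-and-pop removal; the contract name `BoundedRoutes`, the `management` address and the constructor are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the audited contract. BoundedRoutes and management
// are hypothetical; the storage layout mirrors the snippets in the submission.
contract BoundedRoutes {
    uint256 public constant MAX_ROUTES = 100; // cap value used in the submission
    uint256 public nRoutes;
    address public immutable management; // assumption: one management address

    mapping(uint256 => address[11]) public routes;
    mapping(uint256 => uint256[5][5]) public swapParams;
    mapping(uint256 => address[5]) public pools;

    modifier onlyManagement() {
        require(msg.sender == management, "!management");
        _;
    }

    constructor(address _management) { management = _management; }

    function addRoute(
        address[11] calldata _route,
        uint256[5][5] calldata _swapParams,
        address[5] calldata _pools
    ) external onlyManagement {
        require(nRoutes < MAX_ROUTES, "Maximum number of routes reached");
        routes[nRoutes] = _route;
        swapParams[nRoutes] = _swapParams;
        pools[nRoutes] = _pools;
        nRoutes++;
    }

    // Swap-and-pop: move the last route into the freed slot and shrink nRoutes,
    // so a removal frees capacity under MAX_ROUTES. The moved route changes index.
    function removeRoute(uint256 routeIndex) external onlyManagement {
        require(routeIndex < nRoutes, "Invalid route index");
        uint256 last = nRoutes - 1;
        if (routeIndex != last) {
            routes[routeIndex] = routes[last];
            swapParams[routeIndex] = swapParams[last];
            pools[routeIndex] = pools[last];
        }
        delete routes[last];
        delete swapParams[last];
        delete pools[last];
        nRoutes = last;
    }
}
```

Because the last route takes over the removed index, any caller that stores a route index off-chain must re-read it after a removal.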

Updates

Appeal created

inallhonesty Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
