Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Mutable State Variables that Should be Immutable

sauronsol

Summary

Several state variables in the contracts that are only set once during initialization are not marked as immutable, leading to unnecessary gas costs and potential security risks.

Vulnerability Details

From the test results:

function testGasComparison() public {

// Test non-immutable version

uint256 gasBefore = gasleft();

uint256 value1 = nonImmutable.doSomethingWithRoutes();

uint256 gasAfter = gasleft();

uint256 gasUsedNonImmutable = gasBefore - gasAfter;

// Test immutable version

gasBefore = gasleft();

uint256 value2 = immutable_.doSomethingWithRoutes();

gasAfter = gasleft();

uint256 gasUsedImmutable = gasBefore - gasAfter;

emit log_named_uint("Gas used non-immutable", gasUsedNonImmutable);

emit log_named_uint("Gas used immutable", gasUsedImmutable);

assertTrue(gasUsedImmutable < gasUsedNonImmutable, "Immutable should use less gas");

assertEq(value1, value2, "Values should be equal");

}

function testNonImmutableCanBeModified() public {

// Initial value

assertEq(nonImmutable.nRoutes(), 5);

// Can modify non-immutable

nonImmutable.setRoutes(10);

// Value changed

assertEq(nonImmutable.nRoutes(), 10, "Non-immutable value should be modifiable");

}

Gas used non-immutable: 7368

Gas used immutable: 5169

This shows a difference of ~2200 gas per read operation when using non-immutable vs immutable variables.

Affected variables include:

// In StrategyArb.sol

ITransmuter public transmuter; // Should be immutable

ERC20 public underlying; // Should be immutable

// In TokenAdapterMock.sol

address public token; // Should be immutable

Impact

Low/Gas Optimization

Gas inefficiency: ~2200 gas wasted per read operation
Risk potential: Non-immutable variables could theoretically be modified if setter functions are added later
Test proves higher gas costs: 7368 vs 5169 gas (42% more expensive)

Tools Used

Slither static analyzer
Custom test suite (ImmutableRoutesTest)
Manual review
Foundry gas reporting

Recommendations

Mark variables as immutable when they're only set in constructor:

ITransmuter public immutable transmuter;

ERC20 public immutable underlying;

address public immutable token;

Benefits:

Gas savings of ~2200 gas per read
Clearer code intent
Elimination of potential future modification risks
Better compiler optimizations

Updates

Appeal created

inallhonesty Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

inallhonesty Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.