Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Transfer of 0 tokens to address

0xkann

Summary

Improper handle if totalAvailable is 0. continius transfering 0 tokens

Vulnerability Details
https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#L136-L143
https://github.com/alchemix-finance/v2-foundry/blob/master/src/TransmuterV2.sol#L353-L370
https://github.com/alchemix-finance/v2-foundry/blob/master/src/TransmuterV2.sol#L224-L235

In StrategyMainnet.solcontract, function _freeFunds when we calculate the totalAvailablefunds if occupiedTick havent reached the satisfiedTick it will return 0 and this will lead to totalAvailable = 0

if (account.occupiedTick <= satisfiedTick) {return 0;}

then it will call transmiter.withdraw with totalAvailable which is 0

and this will successfully transfer to address(this) amount 0.

TokenUtils.safeTransfer(syntheticToken, recipient, amount);

Impact

Low impact since it just wastes gas and does a transfer of 0 tokens.

Tools Used

Recommendations

add revert if totalAvailable balance is 0 to not proceed with the transfer

// Revert if totalAvailable is 0
require(totalAvailable > 0, "No available funds to withdraw");
if (_amount > totalAvailable) {
transmuter.withdraw(totalAvailable, address(this));
} else {
transmuter.withdraw(_amount, address(this));
}
Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.