Alchemix Transmuter

Summary

The contract allows functions like claimAndSwap and addRoute to be called repeatedly without restrictions, introducing risks of asset depletion, gas exhaustion, or operational inefficiencies.

Root Cause

The claimAndSwap and addRoute functions lack mechanisms to restrict the frequency of calls. This design oversight permits excessive or repeated executions, exposing the protocol to abuse and inefficiencies.

** Code Related :**

The claimAndSwap function:

The addRoute function:

Potential Attack Scenarios

Scenario 1: Rapid Swap Exploitation

1. Setup: A Keeper calls claimAndSwap repeatedly in rapid succession.

2. Execution: Each call interacts with the transmuter and router, potentially exploiting slippage or timing conditions.

3. Impact: Rapid depletion of protocol assets or excessive gas consumption, leading to financial losses and operational inefficiencies.

Scenario 2: Route Flooding

1. Setup: A Manager repeatedly calls addRoute to add numerous routes.

2. Execution: The nRoutes counter grows unbounded, filling mappings with excessive data.

3. Impact: Storage bloat and operational delays due to high gas costs, potentially leading to DoS conditions.

Scenario 3: Gas Limit Exhaustion

1. Setup: Repeated calls to critical functions like claimAndSwap within a single transaction.

2. Execution: Excessive operations exhaust the gas limit, causing transaction failures.

3. Impact: Disruption of protocol operations and inability to process legitimate user requests.

Impact

1. Operational Risk: Gas exhaustion disrupts protocol functionality, affecting user experience and trust.

2. Financial Risk: Rapid or excessive function calls can lead to fund depletion and reduced profitability.

3. Exploitation Risk: Malicious actors exploit unrestricted access to manipulate or overload the system.

Proof of Concept (PoC)

Steps to Reproduce:

1. Deploy the contract.

2. Call claimAndSwap repeatedly in a single block using high gas fees to prioritize execution.

3. Observe gas exhaustion or fund depletion due to lack of rate-limiting.

Expected Fix Behavior:

1. Repeated calls to claimAndSwap within the cooldown period are blocked with an appropriate error message.

2. Attempting to add routes beyond the maximum limit is restricted, maintaining operational efficiency.

Mitigation Recommendations

1. Implement Rate-Limiting Mechanisms

Introduce cooldown periods to limit the frequency of function calls:

2. Enforce Role-Specific Limits

For addRoute, implement constraints to ensure the number of routes stays manageable:

3. Monitor Function Execution

Track and log function usage to identify patterns of abuse or inefficiencies:

• Use events to log each call to claimAndSwap or addRoute.

• Implement monitoring dashboards to analyze function call frequency.

4. Introduce Governance Oversight

Require multi-signature approval or a governance vote for adding or modifying routes to enhance security and accountability.