Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Missing Fallback Mechanism for Failed Swaps

cipherhawk

Summary

The claimAndSwap function lacks a fallback mechanism to handle failed swaps gracefully. If a swap fails, the entire transaction reverts, causing unnecessary gas expenditure and operational disruptions. This issue affects the strategy's efficiency and user returns.

Technical Details

Root Cause

The claimAndSwap function relies entirely on the IVeloRouter.router for executing swaps without validating the success of the transaction or implementing contingencies for failure.

Vulnerable Code

function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IVeloRouter.route[] calldata _path) external onlyKeepers {
transmuter.claim(_amountClaim, address(this));
uint256 balBefore = asset.balanceOf(address(this));
IVeloRouter(router).swapExactTokensForTokens(_amountClaim, _minOut, _path, address(this), block.timestamp);
uint256 balAfter = asset.balanceOf(address(this));
require((balAfter - balBefore) >= _minOut, "Slippage too high");
transmuter.deposit(asset.balanceOf(address(this)), address(this));
}

Potential Attack Scenarios

Scenario 1: Swap Reversion Exploit

  1. Setup: An attacker manipulates market conditions or submits conflicting transactions to increase slippage and cause the swap to revert.

  2. Execution: The IVeloRouter.router fails during swapExactTokensForTokens.

  3. Impact: The transaction reverts entirely, wasting gas and halting the claimAndSwap process, delaying yield generation.

Scenario 2: Router Malfunction

  1. Setup: The router contract malfunctions or experiences downtime, causing swaps to fail.

  2. Execution: Repeated swap attempts lead to transaction reverts.

  3. Impact: Operational disruptions prevent the strategy from functioning effectively, reducing user returns.

Scenario 3: Network Congestion

  1. Setup: The network experiences high latency or congestion, causing the swap to exceed the allowed deadline.

  2. Execution: The swap fails due to timing issues.

  3. Impact: The inability to execute swaps disrupts yield generation, affecting the overall strategy performance.

Impact

  1. Gas Inefficiency: Failed swaps consume gas unnecessarily, increasing operational costs.

  2. Disrupted Yield Generation: Continuous failures halt the strategy's ability to manage assets, reducing profitability.

  3. User Dissatisfaction: Operational issues and lower returns can erode user trust and participation.

Mitigation Recommendations

1. Retry Mechanisms

Introduce a retry mechanism to allow multiple swap attempts with adjusted parameters:

function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IVeloRouter.route[] calldata _path) external onlyKeepers {
for (uint8 i = 0; i < 3; i++) {
try IVeloRouter(router).swapExactTokensForTokens(_amountClaim, _minOut, _path, address(this), block.timestamp) {
break;
} catch {
if (i == 2) revert("Swap failed after retries");
}
}
}

2. Flexible Deadlines

Set adjustable deadlines for swaps to handle network delays:

uint256 public swapDeadlineBuffer = 300; // 5 minutes buffer
function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IVeloRouter.route[] calldata _path) external onlyKeepers {
uint256 deadline = block.timestamp + swapDeadlineBuffer;
IVeloRouter(router).swapExactTokensForTokens(_amountClaim, _minOut, _path, address(this), deadline);
}

3. Alternative Routes

Implement fallback swap routes for scenarios where the primary route fails:

address public fallbackRouter;
function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IVeloRouter.route[] calldata _path) external onlyKeepers {
try IVeloRouter(router).swapExactTokensForTokens(_amountClaim, _minOut, _path, address(this), block.timestamp) {
// Swap successful
} catch {
require(fallbackRouter != address(0), "No fallback router set");
IVeloRouter(fallbackRouter).swapExactTokensForTokens(_amountClaim, _minOut, _path, address(this), block.timestamp);
}
}

Proof of Concept (PoC)

Steps to Reproduce:

  1. Deploy the contract with a valid router.

  2. Simulate a router failure by providing an invalid _path or manipulating the router contract.

  3. Call claimAndSwap and observe the transaction revert due to swap failure.

Expected Fix Behavior:

  1. The function should gracefully handle swap failures using retries or fallback mechanisms.

  2. The strategy continues functioning without full transaction reversion.

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.