Alchemix Transmuter
Alchemix
DeFiFoundrySolidity
16,653 OP
View results
Previous Next
Submission Details
Severity: high
Invalid

Unchecked `claimAndSwap` Parameter Leading to Potential Reverts

cipherhawk

Issue:

The claimAndSwap function lacks validation of the _amountClaim parameter against the actual claimable balance from the ITransmuter. If a Keeper provides an _amountClaim greater than the getClaimableBalance() for the strategy, the call to transmuter.claim() may revert, disrupting operations or creating inefficiencies.

Impact:

Medium to High.

  1. Operational Disruption: If _amountClaim exceeds the claimable amount, the function will revert, preventing swaps from proceeding and halting yield generation.

  2. Keeper Costs: Reverting transactions consume gas, leading to inefficiencies for Keepers performing valid operations.

  3. Systemic Impact: Continuous reverts can destabilize the strategy, leading to delayed fund rebalancing or misaligned user expectations for yield.

Evidence from Code:

function claimAndSwap(
uint256 _amountClaim,
uint256 _minOut,
IVeloRouter.route[] calldata _path
) external onlyKeepers {
transmuter.claim(_amountClaim, address(this)); // No check against claimable balance
uint256 balBefore = asset.balanceOf(address(this));
require((balAfter - balBefore) >= _minOut, "Slippage too high");
transmuter.deposit(asset.balanceOf(address(this)), address(this));
}

The transmuter.claim() call directly uses _amountClaim without validating it against transmuter.getClaimableBalance(address(this)).

Potential Attack or Mismanagement Scenarios:

  1. Overestimated Claims by Keepers:

    • A Keeper unintentionally or maliciously specifies _amountClaim greater than getClaimableBalance().

    • The transmuter.claim() function reverts, wasting gas and interrupting the strategy's operations.

  2. Repeated Reverts Leading to DoS:

    • Multiple calls with invalid _amountClaim values can lead to a Denial-of-Service (DoS) condition where valid swaps are delayed or entirely blocked.

  3. Exploitation of Revert Behavior:

    • An attacker manipulates Keepers into repeatedly submitting invalid _amountClaim values, causing operational disruptions.

Proposed Mitigations:

  1. Validation Check for _amountClaim: Ensure that _amountClaim does not exceed the claimable balance.

    require(
    _amountClaim <= transmuter.getClaimableBalance(address(this)),
    "Invalid claim amount"
    );

  2. Graceful Fallback Mechanism: If _amountClaim exceeds the claimable balance, adjust it dynamically to the available balance.

    uint256 claimable = transmuter.getClaimableBalance(address(this));
    uint256 amountToClaim = _amountClaim > claimable ? claimable : _amountClaim;
    transmuter.claim(amountToClaim, address(this));

Updated Function Implementation:

function claimAndSwap(
uint256 _amountClaim,
uint256 _minOut,
IVeloRouter.route[] calldata _path
) external onlyKeepers {
uint256 claimable = transmuter.getClaimableBalance(address(this));
require(_amountClaim <= claimable, "Invalid claim amount");
uint256 adjustedAmount = _amountClaim > claimable ? claimable : _amountClaim;
transmuter.claim(adjustedAmount, address(this));
uint256 balBefore = asset.balanceOf(address(this));
_swapUnderlyingToAsset(adjustedAmount, _minOut, _path);
uint256 balAfter = asset.balanceOf(address(this));
require((balAfter - balBefore) >= _minOut, "Slippage too high");
transmuter.deposit(asset.balanceOf(address(this)), address(this));
}

**Advantages of the fix **

  1. Resilience: Prevents unnecessary transaction failures, ensuring the strategy continues operating even under adverse conditions.

  2. Efficiency: Minimizes wasted gas from reverts, reducing operational costs for Keepers.

  3. Transparency: Logs adjustments and discrepancies, enhancing monitoring and debugging.

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.