DeFi, Foundry, Solidity
16,653 OP
Submission Details
Severity: high
Invalid

function claimAndSwap

Summary

```solidity
function claimAndSwap(
    uint256 _amountClaim,
    uint256 _minOut,
    uint256 _routeNumber
) external onlyKeepers {
    transmuter.claim(_amountClaim, address(this));
    uint256 balBefore = asset.balanceOf(address(this));
    require(_minOut > _amountClaim, "minOut too low");
    router.exchange(
        routes[_routeNumber],
        swapParams[_routeNumber],
        _amountClaim,
        _minOut,
        pools[_routeNumber],
        address(this)
    );
    uint256 balAfter = asset.balanceOf(address(this));
    require((balAfter - balBefore) >= _minOut, "Slippage too high");
    transmuter.deposit(asset.balanceOf(address(this)), address(this));
}
```

Vulnerability Details

1. minOut Validation Logic is Incorrect

```solidity
require(_minOut > _amountClaim, "minOut too low");
```

• Explanation:

_minOut typically represents the minimum output amount expected during a swap. Comparing _minOut directly with the input amount _amountClaim is flawed because the relationship between the input and output amounts depends on the exchange rate and market conditions. Such a comparison could unnecessarily reject valid transactions or allow unintended transactions under specific circumstances.

2. Re-depositing the Entire asset Balance

```solidity
transmuter.deposit(asset.balanceOf(address(this)), address(this));
```

• Explanation:

After the swap, the function deposits the entire asset balance of the contract back into the transmuter. This might include balances unrelated to the current swap, leading to unclear asset management and potential security risks if other parts of the contract rely on those balances.

Impact

Tools Used

Recommendations

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
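
A simplified Python model of the two behaviours the submission describes (the `_minOut > _amountClaim` check and the full-balance deposit), added here as an illustration; it is not part of the submission or of the audited code base. The `rate_bps` parameter, the router payout formula and the `idle_asset` balance are assumptions made for the model.

```python
class Revert(Exception):
    """Stands in for a failed Solidity require()."""


def claim_and_swap(amount_claim, min_out, rate_bps, idle_asset=0):
    """Return (swap_output, amount_deposited) or raise Revert.

    idle_asset: asset already held by the contract before the call (assumed).
    rate_bps:   asset received per 10_000 units claimed (assumed router model).
    """
    bal_before = idle_asset                      # asset.balanceOf(address(this))
    # Check 1 from the page: minOut is compared with the *input* amount.
    if not min_out > amount_claim:
        raise Revert("minOut too low")
    # Modelled router.exchange: pays out at the current rate, rounding down.
    bal_after = bal_before + amount_claim * rate_bps // 10_000
    # Check 2 from the page: the realised balance delta must cover minOut.
    if bal_after - bal_before < min_out:
        raise Revert("Slippage too high")
    # Deposit from the page: the whole balance, not only the swap output.
    return bal_after - bal_before, bal_after


def outcome(*args, **kwargs):
    """Run the model and return its result, or the revert reason as a string."""
    try:
        return claim_and_swap(*args, **kwargs)
    except Revert as exc:
        return str(exc)


if __name__ == "__main__":
    # Constructed inputs: 100 units claimed in every case.
    print(outcome(100, 101, 10_200))                 # swap at 1.02
    print(outcome(100, 99, 9_900))                   # swap at 0.99, minOut 99
    print(outcome(100, 101, 9_900))                  # swap at 0.99, minOut 101
    print(outcome(100, 101, 10_200, idle_asset=50))  # 50 units already held
```

Under these assumptions, any swap that returns no more than the claimed amount reverts at one of the two checks, and an idle balance is deposited together with the swap output.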
