Submission Details
Severity: medium
Invalid

Return value from `balanceDeployed()` is not correct

Summary

Vulnerability Details

As per my understanding, this function (`balanceDeployed()`) returns the net balance here.

In the Transmuter's case there are 2 types of balance:

  • unexchanged balance

  • claimable balance

When a user deposits synthetic tokens into the Transmuter, the tokens are added to their UnexchangedBalance.

Over time, as collateral becomes available, the Transmuter converts the synthetic tokens to the underlying asset. This process reduces the UnexchangedBalance and increases the ClaimableBalance.

So here it's important to consider the claimable balance when fetching the net deployed balance,

or

`balanceDeployed()` should only be called after calling `transmuter.claim()`; in that case the return value will be accurate.

```solidity
function balanceDeployed() public view returns (uint256) {
    return transmuter.getUnexchangedBalance(address(this)) + underlying.balanceOf(address(this)) + asset.balanceOf(address(this));
}
```

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyArb.sol#L122-L124

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyOp.sol#L135-L137

https://github.com/Cyfrin/2024-12-alchemix/blob/main/src/StrategyMainnet.sol#L146-L148

Impact

Tools Used

manual review

Recommendations

The claimable balance from the transmuter should be added here.
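
The accounting gap described in this submission, as an added example that is not part of the original report or the Alchemix code base. `MockTransmuter`, `StrategyModel`, `exchange()`, `claimed` and `balanceDeployedWithClaimable()` are constructed for illustration, token balances are modelled by a mapping instead of ERC-20 calls, and the getter name `getClaimableBalance` is an assumption to check against the repository's `ITransmuter` interface.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Constructed mock for illustration; not the Alchemix Transmuter.
contract MockTransmuter {
    mapping(address => uint256) public unexchanged; // synthetic tokens awaiting exchange
    mapping(address => uint256) public claimable;   // underlying ready to be claimed
    mapping(address => uint256) public claimed;     // stands in for underlying.balanceOf(owner)

    function deposit(uint256 amount) external { unexchanged[msg.sender] += amount; }

    // Hypothetical helper: simulates collateral becoming available for `owner`.
    function exchange(address owner, uint256 amount) external {
        unexchanged[owner] -= amount;
        claimable[owner] += amount;
    }

    function claim(uint256 amount) external {
        claimable[msg.sender] -= amount;
        claimed[msg.sender] += amount;
    }

    function getUnexchangedBalance(address owner) external view returns (uint256) { return unexchanged[owner]; }

    // Assumed getter name; verify against the ITransmuter interface in the repository.
    function getClaimableBalance(address owner) external view returns (uint256) { return claimable[owner]; }
}

contract StrategyModel {
    MockTransmuter public immutable transmuter;

    constructor(MockTransmuter t) { transmuter = t; }

    function deposit(uint256 amount) external { transmuter.deposit(amount); }
    function claim(uint256 amount) external { transmuter.claim(amount); }

    // Same shape as the reported function: unexchanged balance plus tokens already held.
    function balanceDeployed() public view returns (uint256) {
        return transmuter.getUnexchangedBalance(address(this)) + transmuter.claimed(address(this));
    }

    // Variant following the recommendation: also count exchanged-but-unclaimed funds.
    function balanceDeployedWithClaimable() public view returns (uint256) {
        return balanceDeployed() + transmuter.getClaimableBalance(address(this));
    }
}
```

Between a call to `exchange()` and the matching `claim()`, `balanceDeployed()` falls by the exchanged amount while `balanceDeployedWithClaimable()` stays constant; after `claim()` the two agree again.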

Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Validated
Assigned finding tags:

balanceDeployed should include claimable

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
