Submission Details
Severity: medium
Invalid

Risks of Using block.timestamp in _swapUnderlyingToAsset Leading to Potential Transaction Failures and Exploitation

Summary

The _swapUnderlyingToAsset function in src/StrategyArb.sol and src/StrategyOp.sol uses block.timestamp as the deadline for swaps, which introduces risks related to transaction delays, price inaccuracies, and potential exploitation.

Vulnerability Details

src/StrategyArb.sol:_swapUnderlyingToAsset#L87
src/StrategyOp.sol:_swapUnderlyingToAsset#L102

    function _swapUnderlyingToAsset(uint256 _amount, uint256 minOut, IVeloRouter.route[] calldata _path) internal {
        // TODO : we swap WETH to ALETH -> need to check that price is better than 1:1
        // uint256 oraclePrice = 1e18 * 101 / 100;
        require(minOut > _amount, "minOut too low");
        uint256 underlyingBalance = underlying.balanceOf(address(this));
        require(underlyingBalance >= _amount, "not enough underlying balance");
        IVeloRouter(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), block.timestamp);
        // @audit `block.timestamp` as a swap deadline without additional buffer or user-defined parameters
    }

Using block.timestamp as a swap deadline without additional buffer or user-defined parameters can lead to the following issues:
- Transaction Delay Failures: If the transaction is delayed (e.g., due to network congestion), the deadline may be missed, causing the swap to revert unnecessarily.
- Outdated Price Risks: Transactions processed later may execute at outdated and unfavorable prices.
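
The sketch below is an added example, not code from the Alchemix repository or from this submission. It shows how a Uniswap-V2-style deadline guard treats a deadline read from block.timestamp inside the call compared with an absolute deadline passed in by the caller. The form of the guard, `MockRouter`, `DeadlineDemo` and `MAX_DEADLINE_WINDOW` are assumptions for illustration; the actual IVeloRouter implementation does not appear on this page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical stand-in for a router; assumes a Uniswap-V2-style deadline guard.
contract MockRouter {
    error Expired(uint256 deadline, uint256 nowTs);

    modifier ensure(uint256 deadline) {
        if (deadline < block.timestamp) revert Expired(deadline, block.timestamp);
        _;
    }

    // Token transfers are omitted; only the deadline behaviour is modelled.
    function swap(uint256 amountIn, uint256 minOut, uint256 deadline)
        external
        view
        ensure(deadline)
        returns (uint256 amountOut)
    {
        amountOut = amountIn; // constructed 1:1 rate
        require(amountOut >= minOut, "insufficient output");
    }
}

/// Hypothetical caller showing both ways of supplying the deadline.
contract DeadlineDemo {
    uint256 public constant MAX_DEADLINE_WINDOW = 30 minutes; // assumed limit
    MockRouter public immutable router;

    constructor(MockRouter _router) { router = _router; }

    // Deadline is read in the executing block, so the guard compares
    // block.timestamp with itself and passes however late inclusion happens.
    function swapWithInlineDeadline(uint256 amountIn, uint256 minOut) external view returns (uint256) {
        return router.swap(amountIn, minOut, block.timestamp);
    }

    // Deadline is an absolute timestamp fixed when the transaction is signed.
    // The router guard reverts once block.timestamp has moved past it.
    function swapWithCallerDeadline(uint256 amountIn, uint256 minOut, uint256 deadline)
        external view returns (uint256)
    {
        require(deadline <= block.timestamp + MAX_DEADLINE_WINDOW, "deadline too far out");
        return router.swap(amountIn, minOut, deadline);
    }
}
```

In a Foundry test, calling `vm.warp` to a time past the supplied deadline makes `swapWithCallerDeadline` revert with `Expired`, while `swapWithInlineDeadline` succeeds at any timestamp.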

Impact

  • Reverts due to strict timing can frustrate users and degrade the contract's reliability.

  • Users might incur losses from failed swaps or unintended price fluctuations.

  • Lack of flexibility in setting deadlines causes fund losses for Alchemix.

Recommendations

Allow users to specify a custom buffer to account for network delays:

+ uint256 deadline = block.timestamp + userDefinedBuffer;
+ require(userDefinedBuffer <= MAX_BUFFER, "Buffer exceeds limit");
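
Review bot: the bound check on userDefinedBuffer in the second added line runs only after the value has already been used to compute deadline in the first; validate the input before using it. The deadline is also still derived from block.timestamp in the block that executes the transaction, so it moves with inclusion time instead of fixing a point after which the swap must not run; consider taking an absolute deadline timestamp from the caller and bounding that value. Neither userDefinedBuffer nor MAX_BUFFER is declared in the visible lines, so the change also needs the new parameter on _swapUnderlyingToAsset and the constant definition.
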
Updates

Appeal created

inallhonesty Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue