Incorrect balance check in `claimAndSwap` function let unprofitable swaps pass
Title
Incorrect balance check in claimAndSwap function let unprofitable swaps pass
Summary
claimAndSwap function misjudged the balance check before and after the claim & swap operation. This leads to potential fund loss for the strategy and let unprofitable swaps go through.
Vulnerability Details
Here's the implementation of claimAndSwap function in StrategyOp contract:
As seen above, claimAndSwap only counts the asset.balanceOf(address(this)) for balance change. This isn't accurate because it doesn't represent the actual balance of strategy contract.
As seen in balanceDeployed function, strategy balance aggregates the following 3 types of balance:
underlying.balanceOf(addres(this))
asset.balanceOf(addres(this))
transmuter.getUnexchangedBalance(address(this))
The current implementation relies solely on asset.balanceOf(address(this)) to track balance changes. This approach can result in an inaccurate minOut check, because while the asset balance could increase the underlying balance would decrease based on the claim amount.
Eventually, it potentially would cause fund losses for the strategy by allowing unprofitable swaps to proceed unchecked.
Impact
The flawed implementation risks severe financial losses, as unprofitable swaps may bypass validation, directly impacting the strategy’s profitability and exposing user funds to unnecessary vulnerabilities.
Tools Used
Manual Review
Recommendations
Before/after balance should be accurately checked in claimAndSwap function. Make the following adjustment:
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.