Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: high

Invalid

Potential Inconsistency with Router Fees

cipherhawk

Description

When swapping WETH to alETH via _swapUnderlyingToAsset, the function checks conditions such as:

require((balAfter - balBefore) >= _minOut, "Slippage too high");

require(minOut > _amount, "minOut too low");

However, AMMs can apply varying fee structures (stable vs. volatile pairs, multi-hop routes, etc.). Meeting minOut in absolute terms doesn’t guarantee a favorable swap price if high fees are involved.

Impact: Medium to High

Hidden High Fees
- A keeper could select a path that meets the minOut threshold yet still collects excessive fees. The strategy ends up accepting worse pricing.
No External Reference Price
- Without an oracle or robust slippage check, the contract merely trusts the keeper’s minOut value, opening the door to suboptimal trades.
User Funds at Risk
- Over time, repeated fee-heavy routes reduce overall yield and can erode the value of user deposits.

Evidence from Code

An example snippet from _swapUnderlyingToAsset:

function _swapUnderlyingToAsset(

uint256 _amount,

uint256 minOut,

IVeloRouter.route[] calldata _path

) internal {

require(minOut > _amount, "minOut too low");

uint256 balBefore = asset.balanceOf(address(this));

// Perform swap

IVeloRouter(router).swapExactTokensForTokens(

_amount,

minOut,

_path,

address(this),

block.timestamp

);

uint256 balAfter = asset.balanceOf(address(this));

require((balAfter - balBefore) >= minOut, "Slippage too high");

}

The code only checks that final output tokens exceed minOut. It does not verify the effective price paid when accounting for different fee tiers or multiple hops.

Potential Attack / Manipulation Scenario

Path with Elevated Fees
- A keeper or malicious actor chooses a route that includes multiple high-fee pairs, fulfilling minOut but siphoning additional fees along the way.
Strategy Accepts Trade
- Because _swapUnderlyingToAsset sees the final output surpasses minOut, it deems the trade acceptable, even if a substantial portion of the swap value went to fees.
Cumulative Value Loss
- Frequent high-fee swaps degrade the strategy’s returns, hurting depositors.

Recommended Mitigations

Reference an On-Chain Oracle or Price Feed
- Ensure that the final swapped amount is within a small slippage range relative to an oracle-based fair price:
  
  // Pseudocode:
  uint256 fairPriceOutput = _amount * oraclePrice / 1e18;
  require((balAfter - balBefore) >= fairPriceOutput * (100 - maxSlippageBasisPoints) / 10000, "Excessive slippage");
Enforce Stricter Slippage / Fee Controls
- Instead of only relying on minOut, incorporate a logic that calculates an acceptable slippage limit for the current market conditions and fees.
Whitelist or Validate Swap Paths
- Restrict swap paths to known, reputable pools with predictable or minimal fees, preventing keepers from routing through obscure or high-fee pools.
Limit Multi-Hop Paths
- If possible, reduce the number of hops in the swap route to lower total fees.

Updates

Appeal created

inallhonesty Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.