Incorrect check based on assumption that AlETH is 1:1 with underlying asset
Vulnerability Details
In the given below functions
swapUnderlyingToAsset
claimAndSwap
swapUnderlyingToAsset
Check is applied to ensure that on conversion of WETH to ALETH prices must be better than 1:1 but it is not correct as in the given Alchemix doc -> collateral-to-debt ratio is 2:1 so user can borrow 50% of their collateral and there is 1:1 peg between synthetic token and collateral and Actual collateral in this case are yield-bearing tokens not underlying tokens.
Consider the Scenario:
Suppose user deposits 1000 WETH.
It is converted to Yield bearing tokens with slippage of 5%.
Now actual collateral deposited is 950 yield tokens.
user is allowed to take loan amount upto 50% of collateral as loan which could mint upto 475 AlETH.
Clearly AIETH is not 1:1 pegged with WETH. The value of this AlETH is equivalent to yield token and is 1:1 pegged with yield token but these check require(minOut > _amount, "minOut too low"); while swapping WETH to AlETH are placed enforcing everytime on swap AlETH must be greater than WETH which is not correct.
Impact
Incorrect assumption can lead to accounting issues.
Tools Used
Manual
Recommendations
Avoid hardcoded check which based on assumption that AlETH to be 1:1 pegged with underlying asset and that AlETH recieved after swap must always be more than given WETH.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.