Alchemix Transmuter

Alchemix

DeFiFoundrySolidity

16,653 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Over-deposit Risk in `_deployFunds`

cipherhawk

Description

The _deployFunds function attempts to deposit _amount of asset (alETH) into the transmuter without checking whether the transmuter enforces a deposit cap or has enough capacity. If there is a deposit limit, the transmuter may revert when exceeding it. The strategy does not catch or handle this scenario gracefully, potentially causing user-facing transaction failures whenever that limit is reached.

Impact: Medium

User Deposits Blocked
- Any new deposit that triggers _deployFunds might revert if the transmuter limit is already reached.
Confusion & Poor UX
- Users see failed transactions, but the reason (transmuter deposit limit hit) is not surfaced or handled.
Protocol Downtime
- Requires manual intervention to adjust limits or code updates, blocking normal operation until resolved.

Evidence from Code

function _deployFunds(uint256 _amount) internal override {

transmuter.deposit(_amount, address(this)); // No check for deposit limit

}

No check or fallback if transmuter.deposit reverts due to exceeding limits.

Potential Failure Scenario

Deposit Limit Reached
- The transmuter sets a global or per-address maximum deposit.
User Initiates Large Deposit
- _deployFunds tries to deposit beyond the limit, causing the transmuter’s internal require to fail.
Revert with No Recovery
- The transaction reverts, blocking the user’s deposit. The strategy has no fallback or partial deposit mechanism.

Recommended Mitigations

Check Available Deposit Capacity
- Before calling transmuter.deposit, query how much can still be deposited. If _amount exceeds that, either deposit the max allowed or revert with a clear error message.
uint256 remainingCapacity = transmuter.getRemainingCapacity();
if (_amount > remainingCapacity) {
// revert with informative message or deposit partial
}
Partial Deposit Logic
- If partial deposits are acceptable, the strategy can deposit only the allowed amount and keep the remainder in idle state or revert with a more user-friendly reason.
User-Facing Notifications
- Return or emit an event clarifying that the transmuter is at capacity to reduce confusion.
Graceful Fallback
- If deposit fails, consider an alternative approach (e.g., hold the tokens in the strategy until capacity is available or allow the user to cancel the deposit).

Conclusion

Without checking transmuter limits before depositing, _deployFunds can revert unexpectedly under heavy usage or tight deposit caps. Adding validation, partial deposit handling, or clearer user feedback prevents blocked user deposits and enhances the protocol’s reliability.

Updates

Lead Judging Commences

inallhonesty Lead Judge

5 months ago

Appeal created

inallhonesty Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

16,653 OP

nSLOC

253

66 OP / LOC

High Medium

15,800

Low

853

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.