Submission Details
Severity: medium
Invalid

Setting block.timestamp to a deadline may cause transactions to fail

Summary

In Layer 2 (L2) networks, similar to Layer 1 (L1), there are potential issues when relying on block.timestamp for time-dependent operations, such as setting a deadline for token swaps. Despite L2 offering faster transaction processing and reduced latency, the synchronization with Layer 1 (L1) can introduce discrepancies in block timestamps. These discrepancies can lead to failed transactions if the block.timestamp used as a deadline becomes outdated due to network delays, block confirmation times, or price fluctuations in decentralized exchanges.

Vulnerability Details

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyArb.sol#L87

https://github.com/Cyfrin/2024-12-alchemix/blob/82798f4891e41959eef866bd1d4cb44fc1e26439/src/StrategyOp.sol#L102

function claimAndSwap(uint256 _amountClaim, uint256 _minOut, IVeloRouter.route[] calldata _path) external onlyKeepers {
    transmuter.claim(_amountClaim, address(this));
    uint256 balBefore = asset.balanceOf(address(this));
    _swapUnderlyingToAsset(_amountClaim, _minOut, _path);
    uint256 balAfter = asset.balanceOf(address(this));
    require((balAfter - balBefore) >= _minOut, "Slippage too high");
    transmuter.deposit(asset.balanceOf(address(this)), address(this));
}

/**
 * @dev internal function for swapping WETH to alETH via Velo Router
 */
function _swapUnderlyingToAsset(uint256 _amount, uint256 minOut, IVeloRouter.route[] calldata _path) internal {
    // TODO : we swap WETH to ALETH -> need to check that price is better than 1:1
    // uint256 oraclePrice = 1e18 * 101 / 100;
    require(minOut > _amount, "minOut too low");
    uint256 underlyingBalance = underlying.balanceOf(address(this));
    require(underlyingBalance >= _amount, "not enough underlying balance");
    IVeloRouter(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), block.timestamp);
}

The purpose of these two functions is to exchange WETH for ALETH and ensure that the amount of ALETH received is greater than the amount of WETH supplied. For example, if 1e18 WETH is input, 1.01e18 ALETH is output. However, setting the deadline in the swapExactTokensForTokens call to block.timestamp causes a problem. If a path has been found whose output satisfies the ALETH requirement, but block.timestamp has already moved past it, the transaction will fail, because the output that meets this condition may not be available at the current time.

Impact

• In DeFi exchange protocols, prices can fluctuate over time, especially in high-frequency trading or market volatility. Even when a satisfying output path is found (e.g., 1e18 WETH exchanged for 1.01e18 ALETH), market conditions can change in just a few seconds.
• If block.timestamp is set as the deadline, the transaction may be considered expired due to timestamp mismatch or network latency, resulting in transaction failure.

Tools Used

Manual review

Recommendations

Add a buffer to block.timestamp: As mentioned before, it is recommended to add a buffer to the deadline. For example, use block.timestamp + 1 minutes to provide a sufficiently loose time window, so that transactions do not fail because of network delays or inconsistent block confirmation times.

IVeloRouter(router).swapExactTokensForTokens(_amount, minOut, _path, address(this), block.timestamp+60);
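
A model of how the deadline argument is evaluated, added here as an example and not taken from the contest code or the router: it assumes the router reverts when deadline < block.timestamp at execution (the Uniswap V2-style check), and router_swap, execute, outcome_table and the keeper-supplied strategy are hypothetical names. It compares the current argument, the recommended block.timestamp + 60, and a deadline fixed off-chain by the keeper, for a transaction included 0, 30 and 600 seconds after signing.

```python
class Expired(Exception):
    """Raised by the model router when deadline < block.timestamp."""


def router_swap(block_timestamp: int, deadline: int) -> str:
    # Assumed router check (Uniswap V2-style): revert once the deadline has passed.
    if deadline < block_timestamp:
        raise Expired(f"deadline {deadline} < block.timestamp {block_timestamp}")
    return "swapped"


# Each strategy returns the deadline the strategy contract hands to the router.
# `now` is block.timestamp of the including block; `signed_deadline` is an
# absolute time the keeper fixed off-chain when signing (hypothetical parameter).
STRATEGIES = {
    "block.timestamp": lambda now, signed_deadline: now,
    "block.timestamp + 60": lambda now, signed_deadline: now + 60,
    "keeper-supplied": lambda now, signed_deadline: signed_deadline,
}


def execute(strategy: str, signed_at: int, delay: int, window: int = 60) -> str:
    """Run one swap that is included `delay` seconds after the keeper signed it."""
    now = signed_at + delay  # block.timestamp seen inside the contract
    deadline = STRATEGIES[strategy](now, signed_at + window)
    try:
        return router_swap(now, deadline)
    except Expired:
        return "expired"


def outcome_table(signed_at: int = 1_700_000_000, delays=(0, 30, 600)) -> dict:
    # Constructed sample: one signing time, three inclusion delays in seconds.
    return {name: [execute(name, signed_at, d) for d in delays] for name in STRATEGIES}


if __name__ == "__main__":
    for name, results in outcome_table().items():
        print(f"{name:22} {results}")
```

In this model both on-chain expressions are computed in the including block, so neither one expires at any delay; only the keeper-supplied value bounds how long the transaction can wait before execution.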

Updates

Appeal created

inallhonesty Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Known issue