ID:
alchemix-1129
100 pts
Platform:
Type:
Category:
Method:
Data Sources:
Multi-chains
Dapp
Derivatives
Rewards - Bug Bounties
Extended Method:
Lack of access control to setWhitelist()
Days in Operation:
733
(2.01 Years)
100 pts each
Alchemix is a protocol that provides instant loans which pay themselves off over time through future yield. Users can deposit DAI, and the protocol in turn mints the users alUSD, which is a synthetic token that tokenizes future yield.
Whitehat Ashiq Amien, security researcher at the auditing firm iosiro, discovered a vulnerability in Alchemix, which consisted of an access control issue. The vulnerability was given a severity rating of “high.” Alchemix rewarded Ashiq a bounty of $7,500, paid to iosiro at request. Funds at risk were very low, though if the bug had remained undetected and unpatched, it’s possible that it would have become a much bigger issue down the line for future Alchemix strategies.
The actual problem, however, was present in the AlchemistEth.sol contract in the function setWhitelist(). Any user could have called setWhitelist() to give an attacker the ability to call the harvest function (harvesting the yield of any vault) or to call the flush function (depositing all buffered tokens to the active vault).
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.