Alchemix contest details
- $118,750 DAI main award pot
- $6,250 DAI gas optimization award pot
- Join C4 Discord to register
- Submit findings using the C4 form
- Read our guidelines for more details
- Starts May 05, 2022 00:00 UTC
- Ends May 18, 2022 23:59 UTC
This contest is open for two weeks to give wardens time to understand the protocol properly. Submissions can be made any time during the contest. Representatives from Alchemix will be available in the Code Arena Discord to answer any questions during the contest period. The focus for the contest is to try and find any logic errors or ways to drain funds from the protocol in a way that is advantageous for an attacker at the expense of users with funds invested in the protocol. Wardens should assume that governance variables are set sensibly (unless they can find a way to change the value of a governance variable, and not counting social engineering approaches for this).
Alchemix Finance is a future-yield-backed synthetic asset platform and community DAO. The platform gives you advances on your yield farming via a synthetic token that represents a fungible claim on any underlying collateral in the Alchemix protocol. The DAO will focus on funding projects that will help the Alchemix ecosystem grow, as well as the greater Ethereum community.
- ALCX, the protocol governance token used to incentivize pool liquidity for synthetic assets
- gALCX, an autocompounding wrapper for the single-sided farm that can be used in governance
- alUSD, a synthetic stablecoin pegged to $1 issued to users as an advance on their future yield
- alETH, a synthetic token pegged to 1 ETH issued to users as an advance on their future yield
All the contracts in the
contracts-full folder are to be reviewed. The
contracts-hardhat is a subset of this that you can use to run the test suite. Any contracts not in this list are to be ignored for this contest. To deeply understand the protocol, wardens may find helpful the user docs, developer docs, our Medium posts, or a popular YouTube explainer focusing on V1. The audit report from Runtime Verification also contains valuable insight into protocol invariants.
AlchemicTokenV2.sol (228 loc)
The synthetic token minted by the protocol as an advance on user's yield.
CrossChainCanonicalAlchemicTokenV2.sol (22 loc)
An upgradeable version that is compatible with crosschain bridges.
gALCX.sol (110 loc)
An autocompounding wrapper for ALCX that is the crosschain native token.
CrossChainCanonicalGALCX.sol (19 loc)
An upgradeable version that is compatible with crosschain bridges.
AlchemistV2.sol (1752 loc)
The AlchemistV2 is the core contract in any Alchemix debt-system that holds Account data and issues that system's debt tokens. The AlchemistV2 is flexible enough to accept deposits in the form of either yield-bearing-assets or underlying collateral assets (and wrapping said underlying tokens into their yield-bearing form).
An Account in the Alchemist has multiple components. The first 2 data-points to understand are balances and debt. Balances is a mapping of yieldTokens to the Account's respective balance of Alchemist-shares. Shares represent a user's deposit of yieldTokens in the AlchemistV2, and provide an accounting abstraction that helps the AlchemistV2 avoid bank-run scenarios. Debt is an int256 type that represents both the account's debt (positive values) and credit (negative values). An Account manages its debt by tracking the lastAccruedWeights of the various depositedTokens that it is holding. An Account also has the ability to track mintAllowances and withdrawAllowances that allow 3rd-party accounts to mint and withdraw its assets.
TransmuterBuffer.sol (571 loc)
An interface contract to buffer funds between the Alchemist and the Transmuter. The TransmuterBuffer sits between the Alchemist and Transmuter, buffering funds that are passed to it as a result of calls to repay(), liquidate(), or harvest(). Each TransmuterBuffer handles a single synthetic type, and all collateral types underlying that synthetic. The TransmuterBuffer has configurable flow rates that determine the maximum rate that collateral can be passed to its transmuter. Funds that are held in the TransmuterBuffer but have not yet been exchanged in the Transmuter can be redeposited into the Alchemist to boost yield for depositors, or sent to the Elixir. Funds that have been exchanged into the Transmuter must remain in the TransmuterBuffer.
TransmuterV2.sol (575 loc)
The TransmuterV2 is the main contract in any Alchemix debt-system that helps put upward pressure on the price of the debt-token relative to its collateral asset(s) by allowing any market participant to exchange the supported debt-token for underlying collateral at a 1:1 rate. Each TransmuterV2 supports a single debtToken and a single underlyingToken as collateral, and is able to exchange the debtToken for only that underlyingToken. The TransmuterV2 recieves underlyingTokens from the AlchemistV2 (via the TransmuterBuffer) whenever any of the repay(), liquidate(), or harvest() functions are called. The repaid, liquidated, or harvested collateral is first sent to the TransmuterBuffer, where excess funds that are not exchanged in the TransmuterV2 can be deposited back into the AlchemistV2 to boost yields for Alchemist depositors, or be deployed elsewhere (like the Elixir AMO) to help maintain the peg. After a user deposits debtTokens into the TransmuterV2, they recieve "exchanged tokens" into their account over time, representing the amount of debtToken that has been implicitly converted to underlyingToken that have dripped into the TransmuterV2. This rate of conversion is, at most, the rate that collateral is exchanged into the TransmuterV2 multiplied by their overall percent stake of debtTokens in the TransmuterV2. While collateral recieved from harvest() calls has a relatively stable rate, collateral recieved from repay() and liquidate() functions are entirely user dependent, causing the overall transmutation rate to potentially fluctuate. Additionally, there is a configurable flow rate in the TransmuterBuffer that can be used to control the flow of transmutable collateral. It acts as another cap on the speed at which funds are exchanged into the TransmuterV2.
A note on Proxies:
The above 3 contracts are the main logic controllers in any Alchemix debt system. In order to ensure that AlchemixV2 is easily upgradeable should any issues arise, they have each been proxied using TransmuterUpgradeableProxy.
Core Protocol Vault Adapters
YearnTokenAdapter.sol (58 loc)
An adapter to invest user tokens into Yearn.
FuseTokenAdapterV1.sol (109 loc)
An adapter to invest user tokens into Fuse.
WstETHAdapterV1.sol (148 loc)
An adapter to invest user tokens into Lido's wstETH.
RETHAdapterV1.sol (103 loc)
An adapter to invest user tokens into Rocket Pool's rETH.
VesperAdapterV1.sol (107 loc)
An adapter to invest user tokens into Vesper.
Automated Market Operator
TransmuterConduit.sol (43 loc)
A helper contract for admins to migrate funds from the V1 Transmuter to the V2 Transmuter or AMO.
EthAssetManager.sol (724 loc)
An automated market operator to ensure peg stability on alETH and ETH.
ThreePoolAssetManager.sol (1040 loc)
An automated market operator to ensure peg stability on alUSD and stablecoins.
Both the EthAssetManager and ThreePoolAssetManager are considered Elixirs. They operate on the assets of separate AlchemixV2 debt systems, but perform essentially the same tasks. Their 2 main modes of operating are:
- Add underlyingTokens to the curve pool and deposit the resulting curve LP tokens into Convex.
- Withdraw curve LP tokens from Convex and recall underlyingTokens from the curve pool.
StakingPools.sol (441 loc)
A staking contract to give ALCX rewards to various LP and single-sided stakers.
WETHGateway.sol (96 loc)
Turns ETH into WETH and deposits into the Alchemist. Also withdraws WETH from the Alchemist and exchanges it for ETH to send to the designated receiver.
AutoleverageCurveFactoryethpool.sol (49 loc)
Lets users zap into a leveraged collateralized debt position on alETH.
AutoleverageCurveMetapool.sol (34 loc)
Lets users zap into a leveraged collateralized debt position on alUSD.
Whitelist.sol (63 loc)
A whitelist used for the beta stage of protocol release, restricts access to all EOAs and certain whitelisted contracts.
FixedPointMath.sol (181 loc)
A fixed point math library.
Limiters.sol (102 loc)
A library to limit debt taken out in a certain timeframe.
LiquidityMath.sol (49 loc)
More fixed point math helpers.
SafeCast.sol (29 loc)
Transforms values between int256 and uint256.
Sets.sol (68 loc)
Implementation of the set datatype.
Tick.sol (120 loc)
Implements a linked-list system for use in calculating users' earned yield as it accrues.
TokenUtils.sol (159 loc)
Helper methods for interacting with a broad range of contracts that don't implement the ERC20 spec precisely.
Potential protocol concerns
Securing user funds is the top priority. On top of that, ensuring all accounting logic functions exactly as specified without any reentrancy vulnerabilities. We encourage wardens to focus on the flow of funds throughout the entire yield generation process.
Areas of focus for Wardens
We would like wardens to focus on any core functional logic, boundary case errors or similar issues which could be utilized by an attacker to take funds away from clients who have funds deposited in the protocol. We would also encourage focus on any mathematical accounting that could cause users to receive more or less credit than they should. That said, any errors may be submitted by wardens for review and potential reward as per the normal issue impact prioritization. Gas optimizations are welcome but not the main focus of this contest and thus at most 10% of the contest reward will be allocated to gas optimizations. For gas optimizations the most important flows are client deposit and withdrawal flows.
If wardens are unclear on which areas to look at or which areas are important please feel free to ask in the contest Discord channel.
A full suite of unit tests is provided for the repo. As Alchemix is in the process of migrating from Hardhat to Foundry, some slight configuration tweaks may be needed to run the suite.
A working instance of Alchemix v2 has been deployed on Ethereum mainnet in a beta launch, with deposit caps on all vaults. Mint functionality Mint functionality is open for all synthetics, and users are welcome to use and play around with the protocol. But if you want to do do an extensive amount of interactions with the protocol, we would kindly ask you to do so on a fork. All issues should be reported privately via code4rena rather than demonstrated on mainnet to maintain eligibility.
The following contracts are deployed:
|Transmuter Whitelist (DAI)||0xdd8AC2d5A739Bb4a591C5b0c7e613B810fE83fF1|
|Transmuter Whitelist (USDT)||0x46f992D00C2Dfb6FbbbB64d69Ab353c2fC435ACE|
Set your node version to version 16, the current LTS.
yarn install npx hardhat typechain npx hardhat compile npx hardhat test
This will run everything in the
test-hardhat folder against the contracts subset contained in
contracts-hardhat. Note that there are additional contracts within
contracts-full that were developed and tested using forge, so these are not compatible with the hardhat test suite but are still within contest scope.