56776 sc high tvl manipulation via missing mytsharesdeposited decrement in liquidations

Submitted on Oct 20th 2025 at 15:16:52 UTC by @failsafe_intern for Audit Comp | Alchemix V3

Report ID: #56776
Report Type: Smart Contract
Report severity: High
Target: https://github.com/alchemix-finance/v3-poc/blob/immunefi_audit/src/AlchemistV3.sol
Impacts:
- Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield

Description

2. Description

Vulnerability Overview

Liquidations transfer MYT tokens out of AlchemistV3 without decrementing the _mytSharesDeposited accounting variable, causing getTotalUnderlyingValue() to overstate TVL. This inflated TVL reduces the badDebtRatio in Transmuter redemptions, allowing users to extract more MYT than the system can sustain, leading to protocol insolvency.

Root Cause

AlchemistV3.sol:546-550 - _doLiquidation() transfers MYT without updating accounting:

// LINE 546: Transfer MYT to transmuter
TokenUtils.safeTransfer(myt, transmuter, amountLiquidated - feeInYield);

// LINE 550: Transfer fee to liquidator
if (feeInYield > 0 && account.collateralBalance >= feeInYield) {
    TokenUtils.safeTransfer(myt, msg.sender, feeInYield);
}

// ❌ MISSING: _mytSharesDeposited -= amountLiquidated;

AlchemistV3.sol:916-919 - _getTotalUnderlyingValue() uses stale _mytSharesDeposited:

function _getTotalUnderlyingValue() internal view returns (uint256 totalUnderlyingValue) {
    uint256 yieldTokenTVLInUnderlying = convertYieldTokensToUnderlying(_mytSharesDeposited);
    totalUnderlyingValue = yieldTokenTVLInUnderlying;
}

Transmuter.sol:108-115 - claimRedemption() uses inflated TVL in badDebtRatio:

uint256 yieldTokenBalance = TokenUtils.safeBalanceOf(alchemist.myt(), address(this));
uint256 denominator = alchemist.getTotalUnderlyingValue() + alchemist.convertYieldTokensToUnderlying(yieldTokenBalance) > 0
    ? alchemist.getTotalUnderlyingValue() + alchemist.convertYieldTokensToUnderlying(yieldTokenBalance)
    : 1;
uint256 badDebtRatio = alchemist.totalSyntheticsIssued() * 10 ** TokenUtils.expectDecimals(alchemist.myt()) / denominator;

uint256 scaledTransmuted = amountTransmuted;

if (badDebtRatio > 1e18) {
    scaledTransmuted = amountTransmuted * FIXED_POINT_SCALAR / badDebtRatio;
}

Comparison with Correct Implementations:

Other functions correctly decrement _mytSharesDeposited when transferring MYT:

// LINE 358: withdraw() - CORRECT ✅
_mytSharesDeposited -= amount;

// LINE 441: burn() - CORRECT ✅
_mytSharesDeposited -= convertDebtTokensToYield(credit) * protocolFee / BPS;

// LINE 489: repay() - CORRECT ✅
_mytSharesDeposited -= creditToYield * protocolFee / BPS;

Liquidation at lines 546-550 is the only MYT transfer path missing the accounting update.

Attack Flow

Phase 1: TVL Inflation

Liquidatable positions exist (normal market volatility)
Liquidator calls liquidate(accountId)
Line 546: MYT transferred to transmuter (actual balance decreases)
Line 550: Fee transferred to liquidator (actual balance decreases further)
Missing: _mytSharesDeposited remains unchanged (accounting balance unchanged)
Result: _mytSharesDeposited > actual MYT balance by amountLiquidated

After N liquidations:

_mytSharesDeposited overstatement = Σ(amountLiquidated_i)
Actual MYT balance = initial - Σ(amountLiquidated_i)
TVL inflation = overstatement / actual balance

Phase 2: Exploitation via Transmuter 7. User has transmuter redemption position 8. Calls Transmuter.claimRedemption() 9. Line 108: denominator calculation uses inflated getTotalUnderlyingValue() 10. Line 112: badDebtRatio artificially reduced due to inflated denominator 11. Line 115: Less scaling applied (or none at all) 12. Result: User receives more MYT than sustainable

Mathematical Impact:

True TVL = $100M
Inflated TVL = $120M (20% overstatement from cumulative liquidations)

True badDebtRatio = totalDebt / $100M = 1.2 (120% debt ratio)
Inflated badDebtRatio = totalDebt / $120M = 1.0 (100% debt ratio)

Redemption scaling:
- True: scaledTransmuted = amountTransmuted * 1e18 / 1.2 = 83.3% of requested
- Inflated: scaledTransmuted = amountTransmuted (no scaling, 100% of requested)

Excess extraction = 16.7% per redemption

Impact

Critical Severity - Protocol Insolvency Risk

Direct Economic Loss:

Each liquidation permanently inflates _mytSharesDeposited
Cumulative effect grows unbounded with liquidation volume
10-50% excess MYT extraction realistic based on typical liquidation activity
Entire transmuter MYT balance at risk of drain

Systemic Risk:

Bank run scenario as users race to redeem at favorable rates
Affects all transmuter redemption holders
Bad debt socialized across remaining depositors
No automatic correction mechanism

Attack Economics:

Setup: Use existing underwater positions or create minimal positions
Execution: ~0.5-1 ETH gas for multiple liquidations + redemptions
Profit: Scales with protocol TVL and liquidation volume
ROI: 1000-5000% if cycling liquidations and redemptions

Real-World Example:

Scenario: Protocol has $50M TVL, $60M debt
- Normal week: 100 liquidations totaling $5M
- _mytSharesDeposited overstated by $5M (10% inflation)
- Attacker redeems $1M position
- Should receive: $833k (scaled for bad debt)
- Actually receives: $1M (no scaling due to inflated TVL)
- Excess extraction: $167k (~20% profit)
- Cost: <$1k gas fees

Total Value at Risk:

All transmuter MYT reserves
All AlchemistV3 collateral (indirectly via bad debt)

Link to Proof of Concept

https://gist.github.com/Joshua-Medvinsky/607238c6e7045f361ecb828338bb5b25

Proof of Concept

3. Proof of Concept

Step-by-Step Reproduction

Setup:

// Initial state:
_mytSharesDeposited = 1000 MYT
IERC20(myt).balanceOf(AlchemistV3) = 1000 MYT
getTotalUnderlyingValue() = $1M
Transmuter MYT balance = 500 MYT

Step 1: Liquidation Occurs

// User account:
accountId = 1
debt = 100 ETH worth
collateralBalance = 80 MYT (undercollateralized)
collateralizationRatio = 80% < lowerBound (150%)

// Liquidator calls:
AlchemistV3.liquidate(accountId);

Step 2: MYT Transferred Without Accounting Update

// LINE 546: _doLiquidation() transfers to transmuter
amountLiquidated = 90 MYT
feeInYield = 9 MYT (10% liquidation fee)
TokenUtils.safeTransfer(myt, transmuter, 81 MYT);  // 90 - 9

// LINE 550: Transfer fee to liquidator
TokenUtils.safeTransfer(myt, msg.sender, 9 MYT);

// Actual balance changes:
IERC20(myt).balanceOf(AlchemistV3) = 1000 - 90 = 910 MYT  // ✅ Correct

// Accounting does NOT change:
_mytSharesDeposited = 1000 MYT  // ❌ WRONG (should be 910)

Step 3: TVL Inflation Manifest

// Query TVL:
uint256 tvl = AlchemistV3.getTotalUnderlyingValue();

// LINE 916-919: Calculation uses stale _mytSharesDeposited
tvl = convertYieldTokensToUnderlying(1000 MYT) = $1M  // ❌ INFLATED

// True TVL should be:
true_tvl = convertYieldTokensToUnderlying(910 MYT) = $910k  // ✅ Correct

// Inflation = 9.9% ($90k overstatement)

Step 4: Excess MYT Extraction via Transmuter

// Attacker redeems from Transmuter:
Transmuter.claimRedemption(accountId);

// LINE 108-112: Calculate badDebtRatio
yieldTokenBalance = 581 MYT  // 500 + 81 from liquidation
denominator = $1M + convertYieldTokensToUnderlying(581 MYT) = $1.581M  // ❌ INFLATED
totalSyntheticsIssued = $1.9M
badDebtRatio = $1.9M * 1e18 / $1.581M = 1.2018e18

// LINE 115: Apply scaling
scaledTransmuted = 100 MYT * 1e18 / 1.2018e18 = 83.2 MYT

// But with correct TVL:
true_denominator = $910k + convertYieldTokensToUnderlying(581 MYT) = $1.491M
true_badDebtRatio = $1.9M * 1e18 / $1.491M = 1.274e18
true_scaledTransmuted = 100 MYT * 1e18 / 1.274e18 = 78.5 MYT

// Excess extraction = 83.2 - 78.5 = 4.7 MYT per redemption

Step 5: Cumulative Effect

// After 100 liquidations (typical weekly volume):
total_liquidated = 9000 MYT
_mytSharesDeposited = 1000 MYT  // ❌ Never decremented
actual_balance = 100 MYT  // ✅ Reflects reality

// TVL inflation = 900% (10x overstatement)
// All redemptions receive nearly 10x more MYT than sustainable
// Protocol insolvent within days

Validation Steps

Expected Behavior:

_mytSharesDeposited should equal or be less than actual MYT balance
TVL should reflect actual assets under management
badDebtRatio should accurately represent protocol health

Actual Behavior:

_mytSharesDeposited exceeds actual balance after liquidations
TVL artificially inflated
badDebtRatio underestimates risk, enabling excess redemptions

Invariant Violation:

// This invariant should ALWAYS hold:
assert(_mytSharesDeposited <= IERC20(myt).balanceOf(address(this)));

// After liquidations, this reverts ❌

Code References

Vulnerable Function:

_doLiquidation() at lines 508-575 (AlchemistV3.sol)
- Missing decrement at line 546 (after transmuter transfer)
- Missing decrement at line 550 (after liquidator fee transfer)

Affected Functions:

_getTotalUnderlyingValue() at lines 916-919 (AlchemistV3.sol)
claimRedemption() at lines 97-146 (Transmuter.sol)

Correct Implementations (for comparison):

withdraw() at line 358 (AlchemistV3.sol) ✅
burn() at line 441 (AlchemistV3.sol) ✅
repay() at line 489 (AlchemistV3.sol) ✅

Mitigation

Immediate Fix (Required):

// In _doLiquidation() after line 550:
function _doLiquidation(uint256 accountId, uint256 collateralInUnderlying, uint256 repaidAmountInYield)
    internal
    returns (uint256 amountLiquidated, uint256 feeInYield, uint256 feeInUnderlying)
{
    // ... existing logic ...
    
    // LINE 546: Transfer to transmuter
    TokenUtils.safeTransfer(myt, transmuter, amountLiquidated - feeInYield);
    
    // LINE 550: Transfer fee to liquidator
    if (feeInYield > 0 && account.collateralBalance >= feeInYield) {
        TokenUtils.safeTransfer(myt, msg.sender, feeInYield);
    }
    
    // ✅ ADD THIS: Decrement accounting for total MYT transferred out
    _mytSharesDeposited -= amountLiquidated;
    
    // ... rest of function ...
}

Previous57749 sc low zeroxswapverifier misses critical sender recipient minout validations allowing malicious 0x calldata to drain funds critical direct theft Next57023 sc high global earmark not reduced in forcerepay lets redeem over burn global debt cross account leakage protocol insolvency

Was this helpful?

hashtagDescription

hashtag2. Description

hashtagVulnerability Overview

hashtagRoot Cause

hashtagAttack Flow

hashtagImpact

hashtagLink to Proof of Concept

hashtagProof of Concept

hashtag3. Proof of Concept

hashtagStep-by-Step Reproduction

hashtagValidation Steps

hashtagCode References

hashtagMitigation