Alchemix Bounty Auditor

Smart contract security audit checklist for Alchemix V2

BOUNTY ACTIVE

Target Contracts

AlchemistV2

Core vault — deposit, mint alAssets, liquidate

0x062B...3b5c

TransmuterV2

Transmuter — convert alAssets to underlying 1:1

0xA840...197F

alUSD

Synthetic USD stablecoin — alchemical dollar

0xBC6D...60E9

alETH

Synthetic ETH — alchemical ether

0x0100...7Ee6

AlchemixHarvester

Yield harvester — auto-compound strategies

0x7066...1B04

Audit Checklist (10 checks)

1

Self-Repaying Loan Logic

Critical

Verify yield correctly reduces debt over time

2

Transmuter Rate Manipulation

Critical

Check if transmuter exchange rate can be manipulated via flash loans

3

Vault Deposit/Withdraw Reentrancy

High

External calls in deposit/withdraw flow before state update

4

alAsset Mint/Burn Access Control

High

Only AlchemistV2 should mint alUSD/alETH

5

Harvester Slippage Protection

High

Verify max slippage bounds on yield harvest swaps

6

Oracle Price Feed Staleness

Medium

Check Chainlink heartbeat + deviation thresholds

7

Credit Limit Bypass

Critical

Verify max mint ratio cannot be exceeded via multiple txs

8

Strategy Migration Safety

Medium

Check if strategy migration can lock user funds

9

Whitelist/Sentinel Bypass

High

Verify keeper roles cannot be escalated

10

Cross-Token Interaction

Medium

Check alUSD/alETH interactions for arithmetic edge cases

Protocol Overview

Protocol

Alchemix V2

Type

Self-Repaying Loans

TVL

$100M+

Chain

Ethereum + Optimism