Dear Alchemix team and users,
I have identified a way to exploit your smart contracts. With the help of this exploit I am able to drain your treasury, vaults and farms - COMPLETELY.
I have successfully recreated the same exploit on forks of your codebase.
I request you to make a donation of 101 ETH to 0x2C3B3D107491524288288DFf3884beC4F128716a and I will contact your founder who operates the phone number +1 30* *** 3343 with a full report.
I shall wait until 23:59 UTC on 18th August, 2021 before I proceed with demonstrating the drainage of 100% of the funds.
If my fees are not paid upfront, I will not be able to help you further in anyway.
(The same exploit also exists on NAOS Finance and I suggest the NAOS team to also look into sharing the fees.)
P.S. - I could have brought this to your attention privately but I have been burned by several (even popular) DeFi projects. They have refused to pay me a reasonable bounty after receiving the details of security issues and patching it from their end.