Steadefi

Tags: DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Valid

GMXVault can stop working if GMX changes `Keys.MAX_CALLBACK_GAS_LIMIT` to less than 2 million

Summary

`Keys.MAX_CALLBACK_GAS_LIMIT` is a configurable parameter inside the GMX protocol and can be changed to a value smaller than 2 million. Because Steadefi's callback gas limit is hardcoded, deposits and withdrawals can fail.

Vulnerability Details

The GMXWorker library is used to send requests directly to the GMX protocol. It contains the `addLiquidity` and `removeLiquidity` functions, which create a request on GMX that then waits for execution. Both functions set 2 million gas as the `callbackGasLimit`.

When a deposit or withdraw request is handled on the GMX side, `callbackGasLimit` is validated to be no larger than the allowed maximum. The `Keys.MAX_CALLBACK_GAS_LIMIT` value is configurable and can be changed by the GMX team. If it is set below 2 million, every deposit and withdraw request from Steadefi will revert.

I leave this as medium severity because the callback limit would first have to be decreased in order to create problems.

Impact

Deposits and withdrawals from Steadefi will be blocked.

Tools Used

VsCode

Recommendations

Make `callbackGasLimit` configurable.
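As an added illustration of the recommendation (not code from the Steadefi codebase or from GMX), the following contrasts the hardcoded pattern the finding describes with a configurable variant. Everything here is an assumption for illustration: `IDataStore.getUint`, the `MockDataStore`, the key derivation for `MAX_CALLBACK_GAS_LIMIT`, and the contract and function names. Only the 2 million default and the key name `MAX_CALLBACK_GAS_LIMIT` come from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Assumed stand-in for the GMX DataStore read used by the check below.
interface IDataStore {
    function getUint(bytes32 key) external view returns (uint256);
}

// Constructed mock so the example deploys and runs offline; not GMX's contract.
contract MockDataStore is IDataStore {
    mapping(bytes32 => uint256) private values;

    function setUint(bytes32 key, uint256 value) external {
        values[key] = value;
    }

    function getUint(bytes32 key) external view override returns (uint256) {
        return values[key];
    }
}

/// Pattern the finding describes: the limit is baked in at compile time, so the
/// vault cannot follow GMX if MAX_CALLBACK_GAS_LIMIT is lowered below it.
library GMXWorkerHardcoded {
    uint256 internal constant CALLBACK_GAS_LIMIT = 2_000_000;

    function callbackGasLimit() internal pure returns (uint256) {
        return CALLBACK_GAS_LIMIT;
    }
}

/// Hardened form: the limit is stored, an admin can change it, and each request
/// is pre-checked against the maximum GMX currently enforces, so a stale value
/// reverts here with a clear reason instead of failing silently on GMX's side.
contract ConfigurableCallbackGas {
    // Key derivation assumed to follow GMX's Keys library convention.
    bytes32 public constant MAX_CALLBACK_GAS_LIMIT =
        keccak256(abi.encode("MAX_CALLBACK_GAS_LIMIT"));

    IDataStore public immutable dataStore;
    address public owner;
    uint256 public callbackGasLimit = 2_000_000; // same default as the hardcoded version

    event CallbackGasLimitUpdated(uint256 oldLimit, uint256 newLimit);

    error NotOwner();
    error CallbackGasLimitTooHigh(uint256 requested, uint256 maxAllowed);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(IDataStore _dataStore) {
        dataStore = _dataStore;
        owner = msg.sender;
    }

    /// Admin-only: adjust the limit when GMX changes its maximum. The new value
    /// is rejected up front if it already exceeds what GMX allows.
    function setCallbackGasLimit(uint256 newLimit) external onlyOwner {
        uint256 maxAllowed = dataStore.getUint(MAX_CALLBACK_GAS_LIMIT);
        if (newLimit > maxAllowed) revert CallbackGasLimitTooHigh(newLimit, maxAllowed);
        emit CallbackGasLimitUpdated(callbackGasLimit, newLimit);
        callbackGasLimit = newLimit;
    }

    /// Value a deposit/withdraw request should pass to GMX. Re-reads the live
    /// maximum so a change on GMX's side surfaces as an explicit revert.
    function effectiveCallbackGasLimit() public view returns (uint256) {
        uint256 maxAllowed = dataStore.getUint(MAX_CALLBACK_GAS_LIMIT);
        if (callbackGasLimit > maxAllowed) {
            revert CallbackGasLimitTooHigh(callbackGasLimit, maxAllowed);
        }
        return callbackGasLimit;
    }
}
```

To exercise it, deploy `MockDataStore`, call `setUint(MAX_CALLBACK_GAS_LIMIT, 1_500_000)` to simulate GMX lowering the maximum, and observe that `effectiveCallbackGasLimit()` reverts with `CallbackGasLimitTooHigh` until the owner calls `setCallbackGasLimit(1_500_000)`. The pre-check is optional hardening on top of the recommendation; the essential change is that the limit is a storage variable with an admin setter rather than a constant.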

Updates

Lead Judging Commences

hans (Auditor), almost 2 years ago

hans (Lead Judge), almost 2 years ago: Submission Judgement Published. Validated.

Assigned finding tags:

Hardcoded gas for callback execution

Impact: High. Likelihood: Low. GMX can change the MAX_CALLBACK_GAS_LIMIT to lower than 2m.
