Wrong PNL Factor for Deposits in `GMXdeposit` Contract Can Lead to Excessive Profits and Losses for Depositors
Summary
The vulnerability in the GMXDeposit contract exposes depositors to varying levels of maximum profits and losses during deposits, contrary to the intended risk parameters, as a result of the misapplied Profit and Loss (PNL) factor. This vulnerability jeopardizes the financial equilibrium between users, the protocol and the vault."
Vulnerability Details
The vulnerability arises from the incorrect usage of the PNL factor. In the deposit() function, the isDeposit parameter is consistently set to "false." Consequently, the getLpTokenValue() function employs the MAX_PNL_FACTOR_FOR_WITHDRAWALS parameter for deposit value calculations, rather than the intended MAX_PNL_FACTOR_FOR_DEPOSITS. This misalignment between deposits and withdrawals leads to unpredictably advantageous or detrimental outcomes for depositors.
Impact
The vulnerability exposes depositors to variable maximum profits and losses during deposits, contrary to the intended risk parameters. This can benefit depositors seeking higher profits but potentially harms the protocol and vault. Deposit limits may be exceeded, compromising the system's security.
Tools Used
Manual analysis
Recommendations
Developers should adjust the isDeposit parameter in the deposit() function to "true," ensuring the getLpTokenValue() function correctly employs the MAX_PNL_FACTOR_FOR_DEPOSITS parameter for deposit value calculations.
Lead Judging Commences
Wrong PNL Factor in GMXDeposit for for lpToken
Impact: Medium Likelihood: High The impact of using a wrong price (conservative vs optimistic) is limited, especially given the users specify the slippage.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.