Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Valid

A change in `GMXReader` breaks the protocol functionality

Summary

  • The gmxOracle contract depends on the gmxReader (syntheticReader) contract, whose address is marked as immutable, while the GMX team has stated that it can change in the future. If this happens, the GMXOracle contract will be broken, and even the owner can't recover from this situation, since the gmxVault doesn't have any function or mechanism to change the GMXOracle address.

Vulnerability Details

  • The gmxOracle contract depends on the gmxReader contract. Its address is marked as immutable, while the GMX team has stated that it can change in the future. you can see that here

  • If the gmxReader contract address changes, the gmxOracle contract will be broken, since it depends on gmxReader for the most important components of the protocol (determining the value of the GM token, getting market info, etc.).

  • Also note that even the owner can't update the gmxOracle address in this situation, since the gmxVault strategy doesn't have any function or mechanism to update this address.

Impact

  • The whole functionality of the vaultStrategy will be broken.

Tools Used

Manual review

Recommendations

  • Add a function that allows the owner to update the address of the gmxOracle in case this happens.
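A sketch of the recommended change, as an added example that is not code from the Steadefi repository or from this submission. The contract names `OracleSketch` and `VaultSketch`, the `updateOracle` function, the event and the errors are all hypothetical and only mirror the relationship the finding describes: an oracle with an immutable reader address, and a vault that needs a way to point at a replacement oracle.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Hypothetical stand-in for the oracle: the reader address is fixed at
// deployment, so a new reader upstream means deploying a new oracle.
contract OracleSketch {
    address public immutable reader;

    constructor(address _reader) {
        reader = _reader;
    }
}

// Hypothetical stand-in for the vault, with the owner-only setter the
// recommendation asks for.
contract VaultSketch {
    address public immutable owner;
    OracleSketch public oracle; // storage, not immutable, so it can be repointed

    event OracleUpdated(address indexed previous, address indexed current);

    error NotOwner();
    error InvalidOracle();

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(OracleSketch _oracle) {
        if (address(_oracle).code.length == 0) revert InvalidOracle();
        owner = msg.sender;
        oracle = _oracle;
    }

    // Recovery path: deploy a new oracle bound to the new reader address,
    // then repoint the vault at it.
    function updateOracle(OracleSketch newOracle) external onlyOwner {
        // Rejects the zero address and EOAs: the target must be deployed code.
        if (address(newOracle).code.length == 0) revert InvalidOracle();
        emit OracleUpdated(address(oracle), address(newOracle));
        oracle = newOracle;
    }
}
```

Because the oracle determines how vault assets are valued, a setter like this is itself a privileged operation; the emitted event gives monitoring a signal for every change, and the owner role is best held by a multisig or timelock.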

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Immutable external address

Impact: High Likelihood: Low
