Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Valid

Closed vault should not accrue fee

Summary

Even when a GMXVault is closed, the protocol still charges the management fee.

Vulnerability Details

GMXVault has a management fee that accrues over time on the vault's totalSupply. This fee is paid to the protocol to cover some external operations that it performs, and maybe something else :).

It is also possible for a GMXVault to be closed. In that case the protocol has failed at managing the vault, so no further fees should accrue.

However, the mintFee function can be called at any time, even if the pool is already closed.

Impact

Users continue to pay fees for a vault that is no longer working.

Tools Used

VS Code

Recommendations

When closing the vault, call mintFee one last time. Also, do not allow mintFee to be called once the vault is closed.
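
A sketch of both recommendations together, added here as an example and not taken from Steadefi's code: fees are settled one final time inside the close path, and mintFee reverts afterwards. Apart from mintFee and totalSupply, every name (Status, feePerSecond, lastFeeCollected, treasury, deposit, close) and the linear per-second fee model are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, not Steadefi's GMXVault: a minimal share ledger.
// Status, feePerSecond, lastFeeCollected, treasury, deposit() and close()
// are assumed names; only mintFee and totalSupply come from the finding.
contract FeeVaultSketch {
    enum Status { Open, Closed }
    Status public status; // defaults to Open
    uint256 public totalSupply; // shares outstanding
    mapping(address => uint256) public balanceOf;
    uint256 public lastFeeCollected;
    uint256 public immutable feePerSecond; // 1e18-scaled (assumed fee model)
    address public immutable treasury;
    address public immutable owner;
    modifier whenOpen() {
        require(status == Status.Open, "vault closed");
        _;
    }
    constructor(address treasury_, uint256 feePerSecond_) {
        treasury = treasury_;
        feePerSecond = feePerSecond_;
        owner = msg.sender;
        lastFeeCollected = block.timestamp;
    }

    // Toy share issuance so fees have a supply to accrue on.
    function deposit(uint256 shares) external whenOpen {
        _settleFee();
        totalSupply += shares;
        balanceOf[msg.sender] += shares;
    }
    // Guard: once closed, no caller can mint further fee shares.
    function mintFee() external whenOpen { _settleFee(); }

    // Settle what accrued while the vault was live, then stop accrual.
    function close() external whenOpen {
        require(msg.sender == owner, "not owner");
        _settleFee();
        status = Status.Closed;
    }

    function _settleFee() internal {
        uint256 elapsed = block.timestamp - lastFeeCollected;
        uint256 fee = totalSupply * feePerSecond * elapsed / 1e18;
        lastFeeCollected = block.timestamp;
        totalSupply += fee;
        balanceOf[treasury] += fee;
    }
}
```

A regression test for this pattern would close the vault, advance the block timestamp, and assert both that mintFee reverts and that totalSupply is unchanged.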

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Disable mintFee during emergency

Impact: High
Likelihood: Low

Fee calculation must be stopped during an emergency. Typical problem that can happen for pausable protocols.
