In case if compound has failed, then do not put it to Compound_Failed to avoid block
Summary
In case if compound was canceled on GMX, then protocol set Compound_Failed state, which allows only to do compound again.
Vulnerability Details
When protocol decides to compound tokens, then it sends tokenA/tokenB from Trove and swap any other token to tokenA or tokenB. After that deposit is done. This deposit can be canceled and in this case processCompoundCancellation is called, which set protocol state to Compound_Failed.
This actually means that currently, the only transition that protocol has is to do compound again. But because compound deposit was canceled on GMX, it is likely that it will do so again, because of some preconditions. As result protocol can be blocked in Compound_Failed.
Impact
Protocol is blocked.
Tools Used
VsCode
Recommendations
In case if compound was canceled, then just set state to Open and maybe execute compound later.
Lead Judging Commences
Wrong status transition on processCompoundCancellation
Impact: High Likelihood: Low The sponsor confirmed it's a typo in the diagram but the documentation/source is the source of truth for the hawks. Will group all findings pointing out the wrong status transition to Compound_Failed based on the diagram.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.