A Denial of Service (DoS) vulnerability was identified which can occur under certain conditions when tokens are transferred back to the vault depositor.
In GMXWithdraw.sol:158, the smart contract is vulnerable to a DoS in scenarios where token transfers consistently fail because of external dependencies. This can occur in two specific cases:
1. An ERC777 token is used in the vault. Since ERC777 uses hooks to notify the receiver of incoming transfers, a malicious receiver contract can be crafted that reverts in its tokensReceived hook, preventing the tokens from being sent out of the vault. Because ERC777 tokens are not widely used, this scenario would be rare.
2. Tokens that implement a blacklist feature can restrict certain addresses from receiving or sending the token. This is often used as a compliance measure to prevent transactions involving prohibited parties. For example, a token like USDC has such a feature, allowing the token administrators to add addresses to a blacklist. If an address is blacklisted, any attempt to transfer tokens to or from it will fail and the transaction will revert.
In the context of GMXWithdraw.sol, if the contract attempts to transfer tokens back to a depositor's address that is on the blacklist, the token contract will revert the transfer. This causes the entire withdrawal transaction to fail, because the safeTransfer call used in the contract reverts. As a result, the withdraw process fails, preventing the GMXVault from switching back to the Status.Open state and leaving other users unable to use the blocked strategy vault.
Manual Review
Fallback Withdrawal Mechanism: Implement a non-reverting withdrawal path that allows the withdrawal to complete even if the safeTransfer call fails. This can be done by recording the failed transfer and allowing users to trigger the transfer of their tokens later through an alternative method, such as a claim function.
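The following is an added illustration of the recommended fallback pattern; it is not the audited project's code and only sketches the shape of the fix. The contract name, the `Status` enum, the `pendingClaims` mapping and the `_tryTransfer` / `claim` functions are assumptions chosen for the example. The commented-out "before" function shows the reverting shape described above; the "after" function records a failed transfer and still returns the vault to `Open`, so one depositor's undeliverable tokens no longer block everyone else.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the audited project's code. Minimal ERC20 surface only.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract VaultWithdrawFallback {
    enum Status { Open, Withdraw }
    Status public status;

    // Assumed bookkeeping: depositor => token => amount whose transfer failed.
    mapping(address => mapping(address => uint256)) public pendingClaims;

    event TransferDeferred(address indexed token, address indexed to, uint256 amount);
    event Claimed(address indexed token, address indexed to, uint256 amount);

    // Low-level transfer that never reverts the caller. Returns false when the
    // token reverts (blacklisted recipient, reverting ERC777 hook) or returns false.
    // Callers must only pass tokens the vault has whitelisted: a call to an
    // address with no code would "succeed" with empty return data.
    function _tryTransfer(address token, address to, uint256 amount) internal returns (bool) {
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        return ok && (data.length == 0 || abi.decode(data, (bool)));
    }

    // Before (reverting shape): a failed transfer reverts the whole withdrawal,
    // so `status` is never reset and the vault stays stuck in Withdraw.
    // function _finishWithdraw(address token, address to, uint256 amount) internal {
    //     IERC20(token).safeTransfer(to, amount); // revert bubbles up
    //     status = Status.Open;
    // }

    // After: the failed transfer is recorded instead of reverting, and the vault
    // always returns to Open regardless of the recipient's behaviour.
    function _finishWithdraw(address token, address to, uint256 amount) internal {
        if (!_tryTransfer(token, to, amount)) {
            pendingClaims[to][token] += amount;
            emit TransferDeferred(token, to, amount);
        }
        status = Status.Open;
    }

    // The depositor later pulls the deferred tokens, optionally to a different
    // recipient address that the token contract accepts.
    function claim(address token, address to) external {
        uint256 amount = pendingClaims[msg.sender][token];
        require(amount > 0, "nothing to claim");
        pendingClaims[msg.sender][token] = 0; // effects before interaction
        require(_tryTransfer(token, to, amount), "claim transfer failed");
        emit Claimed(token, to, amount);
    }
}
```

Two details matter when adapting this. First, `claim` zeroes the pending balance before calling the token, so a re-entrant hook cannot claim twice; if the transfer fails, the whole `claim` reverts and the balance is restored. Second, if ERC777 tokens are in scope, a recipient hook can burn the gas forwarded by `token.call`; capping the forwarded gas for the initial attempt keeps the rest of the withdrawal affordable, at the cost of deferring more transfers to `claim`.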
Impact: High Likelihood: Low