Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

Unable to add liquidity to GMX

pina

Summary

The main function is to add liquidity to GMX and generate yield, but this cannot happen because the parameters for creating a deposit are incorrectly configured with address(0) for longTokenSwapPath and shortTokenSwapPath.

Vulnerability Details

If we try to perform any function to add liquidity like deposit/rebalancing etc., the protocol throws an error. Let's see it step by step:

// Create deposit

IExchangeRouter.CreateDepositParams memory _cdp =

IExchangeRouter.CreateDepositParams({

receiver: address(this),

callbackContract: self.callback,

uiFeeReceiver: self.refundee,

market: address(self.lpToken),

initialLongToken: address(self.tokenA),

initialShortToken: address(self.tokenB),

longTokenSwapPath: new address[](0), // @audit check

shortTokenSwapPath: new address[](0), // @audit check

minMarketTokens: alp.minMarketTokenAmt,

shouldUnwrapNativeToken: false,

executionFee: alp.executionFee,

callbackGasLimit: 2000000

});

This is the flow of what will happen:

The interface is GMX ExchangeRouter and calls createDeposit.
Then DepositHandler.sol.createDeposit() calls DepositUtils.createDeposit()
DepositUtils.sol.createDeposit inside the function executes:
MarketUtils.validateSwapPath(dataStore, params.longTokenSwapPath);
MarketUtils.validateSwapPath(dataStore, params.shortTokenSwapPath);
For the validation of these parameters.
Next, in MarketUtils.sol.validateSwapPath() calls validateSwapMarket()
Finally, calls validateEnabledMarket()

function validateEnabledMarket(DataStore dataStore, Market.Props memory market) internal view {

if (market.marketToken == address(0)) {

revert Errors.EmptyMarket();

}

bool isMarketDisabled = dataStore.getBool(Keys.isMarketDisabledKey(market.marketToken));

if (isMarketDisabled) {

revert Errors.DisabledMarket(market.marketToken);

}

https://github.com/gmx-io/gmx-synthetics/blob/228f2155a69a1be3e99614b4ade0f65e86b0209b/contracts/market/MarketUtils.sol#L192-L203

It will throw an error since the market does not exist

Impact

High, the protocol is useless without this function working correctly.

Tools Used

Manual code Review

Recommendations

Add the correct exchange path as they did in the Liquidity withdrawal.

Updates

Lead Judging Commences

hans Auditor

almost 2 years ago

hans Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.