Incorrect state transition may cause vault in stuck
Summary
Incorrect state transition may cause vault in stuck under processCompoundCancellation scenario.
Vulnerability Details
When keeper execute compound action and GMXCallback return afterDepositCancellation action, then protocol will call GMXCompound#processCompoundCancellation function to change vault status.
However, vault status is changed to GMXTypes.Status.Compound_Failed instead of GMXTypes.Status.Open by GMXCompound#processCompoundCancellation function, which is different with document described below:
https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/docs/sequences/strategy-gmx-compound-sequence-detailed.md
and All scenarios should be handled to ensure vault eventually returns to an Open status. Consider how a scenario might lead to a stuck vault (other statuses).
Impact
Vault may stuck in unexpected state after processCompoundCancellation action.
Tools Used
vscode, Manual Review
Recommendations
Change the vault status to Open instead of Compound_Failed when call GMXCompound#processCompoundCancellation function.
Lead Judging Commences
Wrong status transition on processCompoundCancellation
Impact: High Likelihood: Low The sponsor confirmed it's a typo in the diagram but the documentation/source is the source of truth for the hawks. Will group all findings pointing out the wrong status transition to Compound_Failed based on the diagram.
Wrong status transition on processCompoundCancellation
Impact: High Likelihood: Low The sponsor confirmed it's a typo in the diagram but the documentation/source is the source of truth for the hawks. Will group all findings pointing out the wrong status transition to Compound_Failed based on the diagram.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.