Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Invalid

Incorrect dust amount would cause a user to withdraw more vault token balance than intended

Summary

Incorrect withdrawal amount when the withdrawal token does not have 18 decimals.

Vulnerability Details

When a user calls the GMXVault#emergencyWithdraw function, it in turn calls GMXEmergency#emergencyWithdraw, whose code is shown below:

function emergencyWithdraw(
    GMXTypes.Store storage self,
    uint256 shareAmt
) external {
    // check to ensure shares withdrawn does not exceed user's balance
    uint256 _userShareBalance = IERC20(address(self.vault)).balanceOf(msg.sender);
    ...
    // if the remaining balance would be below the dust threshold, withdraw everything
    unchecked {
        if (_userShareBalance - shareAmt < DUST_AMOUNT) {
            shareAmt = _userShareBalance;
        }
    }
}

DUST_AMOUNT is set to 1e17, but not all ERC20 tokens have 18 decimals; USDC, for example, has 6 decimals on both Arbitrum and Avalanche (AVAX). So whenever _userShareBalance - shareAmt < 1e17, shareAmt is set to the user's entire vault balance, which is not the intended behaviour.

For example, with _userShareBalance = 10000 USDC and shareAmt = 1000 USDC, _userShareBalance - shareAmt = 10000 USDC - 1000 USDC = 9000 USDC, which is 9 * 1e9 in 6-decimal units and therefore less than 1e17, so the user withdraws the whole vault token balance instead of shareAmt.

Impact

Users could withdraw their whole vault token balance instead of the amount they wanted, because the hardcoded DUST_AMOUNT is set to 1e17.

Tools Used

vscode, Manual Review

Recommendations

Change _userShareBalance - shareAmt < DUST_AMOUNT to _userShareBalance - shareAmt < 10 ** (IERC20(address(self.vault)).decimals() - 1).
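The following is an added Python model of the dust clamp described in the vulnerability details and of the recommendation above; it is not Steadefi code. Note that the clamp compares against balanceOf on self.vault, i.e. the vault's own share token, so the decimals that matter are the share token's, which the model takes as a parameter (an assumption, since the page does not state them).

```python
# Model of the GMXEmergency#emergencyWithdraw dust clamp (added example, not project code).
# It replays the clamp with the page's hardcoded DUST_AMOUNT and with the
# decimals-scaled threshold the report recommends, for share tokens of
# different decimals. The share-token decimals are an assumed parameter.

DUST_AMOUNT = 10**17  # hardcoded constant quoted in the report


def dust_threshold(decimals: int, scaled: bool) -> int:
    """Original check uses the constant; the recommended fix uses 10**(decimals-1)."""
    return 10 ** (decimals - 1) if scaled else DUST_AMOUNT


def clamp_share_amt(user_share_balance: int, share_amt: int,
                    decimals: int, scaled: bool = False) -> int:
    """Return the shareAmt the vault would actually burn.

    Mirrors the elided balance check followed by the `unchecked` block: if the
    remaining share balance would fall below the dust threshold, the whole
    balance is withdrawn instead of the requested amount.
    """
    # Elided "shares withdrawn does not exceed user's balance" check; because it
    # runs first, the unchecked subtraction below cannot underflow.
    if share_amt > user_share_balance:
        raise ValueError("shareAmt exceeds balance; rejected before the clamp")
    remaining = user_share_balance - share_amt
    if remaining < dust_threshold(decimals, scaled):  # strict <, as on the page
        return user_share_balance
    return share_amt


def units(amount: int, decimals: int) -> int:
    """Convert a whole-token amount to the token's smallest unit."""
    return amount * 10**decimals


if __name__ == "__main__":
    # Constructed scenario from the report: 10000 vs 1000 tokens, 6-decimal share token.
    bal, amt = units(10_000, 6), units(1_000, 6)
    print(clamp_share_amt(bal, amt, 6))           # whole balance: 9e9 < 1e17 triggers clamp
    print(clamp_share_amt(bal, amt, 6, True))     # only shareAmt: threshold is 1e5
    # Same whole-token amounts on an 18-decimal share token: constant behaves as intended.
    bal18, amt18 = units(10_000, 18), units(1_000, 18)
    print(clamp_share_amt(bal18, amt18, 18) == amt18)
```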

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
