Summary

GMXCompound contract uses the safeTransferFrom function to transfer tokens from the trove to the vault during the compound operation. While using safeTransferFrom is a recommended practice for token transfers, the absence of proper error handling and checks in this context will pose a security risk.

Vulnerability Details

• the safeTransferFrom function is used to transfer tokens from the trove to the vault. While this function is designed to check for errors during transfers, the code does not handle potential errors and lacks proper checks after the transfer.

• If the safeTransferFrom function encounters an error, such as a failed transfer due to insufficient allowances, the code does not provide appropriate error handling.

Impact

• The impact of this vulnerability can vary based on the token and the trove's state. If a token transfer fails due to insufficient allowances or other issues, it could disrupt the compound operation and potentially affect the protocol's normal functioning.

Tools Used

Recommendations

• Implement proper error handling for token transfers using the safeTransferFrom function. Ensure that errors are appropriately logged or handled to prevent unexpected behavior.

• Add checks to verify that the token transfer was successful, and if not, handle the failure .