After `ProcessCompoundCancellation()`, the status of vault is not reset to Open
Summary
processCompoundCancellation is called after liquidity could not be added using a compound() action and the vault status must be reset to Open but is set to Compound_Failed
Vulnerability Details
When compound() is called and this function fails, it is not handled properly as in the diagram flow and documentation as shown.
Within the GMXCompound flow, the other function that can accept this state is in verification:
But, it will only change if the result is correct. Otherwise, if this error that was initially generated persists and the compound cannot be performed, the vault will be left with the status "GMXTypes.Status.Compound_Failed" and the keeper will have to call "emergencyPause" and interrupt the operation of the vault to change this state.
Impact
Incorrect handling of control checks, interrupting the correct flow and leaving the vault disabled.
Tools Used
Manual code review
Recommendations
Handle correctly for processCompoundCancellation() and update the final status for OPEN.
Lead Judging Commences
Wrong status transition on processCompoundCancellation
Impact: High Likelihood: Low The sponsor confirmed it's a typo in the diagram but the documentation/source is the source of truth for the hawks. Will group all findings pointing out the wrong status transition to Compound_Failed based on the diagram.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.