Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

No expiration deadline could result to losing funds during Swaps

SupaRoutis

Summary

In 3 instances (GMXDeposit.sol (1), GMXProcessWithdraw.sol (2)) does not set an expiration deadline which could result in lose of funds when swapping tokens.

Vulnerability Details

The deadline parameter in the ProcessWithdraw() & ProcessDepositFailureLiquidityWithdrawal() swap is set to block.timestamp. That means the function will accept a token swap at any block number (i.e., no expiration deadline).

_sp.tokenIn = _tokenFrom;

_sp.tokenOut = _tokenTo;

_sp.amountIn = IERC20(_tokenFrom).balanceOf(address(this));

_sp.amountOut = _tokenToAmt;

_sp.slippage = self.minSlippage;

@> _sp.deadline = block.timestamp;

// ^^^^^^^^^^^^^^^^^^^^^^^^^^^^

// We allow deadline to be set as the current block timestamp whenever this function

// is called because this function is triggered as a follow up function (by a callback/keeper)

// and not directly by a user/keeper. If this follow on function flow reverts due to this tx

// being processed after a set deadline, this will cause the vault to be in a "stuck" state.

// To resolve this, this function will have to be called again with an updated deadline until it

// succeeds/a miner processes the tx.

GMXManager.swapTokensForExactTokens(self, _sp);

Impact

As per the devs comments;
The reason deadline is set as block.timestamp is that the functions are triggered as a follow-up functions, likely by a callback or keeper, and not directly by a user and that if the current transaction (the follow-up function) is processed after a specific deadline, it could result in a situation where the vault becomes "stuck" which is reasonable however without an expiration deadline :

A malicious miner can hold the transaction for malicious reasons putting the funds at risk.
Depositor losing on opportunities to withdraw at a profitable time.

More info: https://x.com/bytes032/status/1661344118704881668?s=46&t=ahuBu4vx0GHQr2UGnKTzKA

Tools Used

Manual

Recommendations

The proper and reasonable approach to this is to set the deadline as the function parameter with a proper timestamp.

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

superman_i4g Submitter

over 1 year ago

hans Auditor

over 1 year ago

hans Lead Judge over 1 year ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.