Withdrawals from a blacklisted USDC user (where the withdrawal happened after depositing) cause status to be stuck in `Withdraw_Failed`.
If a blacklisted USDC user attempts to withdraw from the vault, `GMXVault:processWithdraw` will fail. This will cause the vault status to be stuck in `Withdraw_Failed`. The keeper will not recognize why this is failing and will continue to call `GMXVault:processWithdrawFailure`. This will lead to a DOS until the vault is opened through the pause-resume flow. Since the blacklisted user's funds get added back into the vault during this process, the blacklisted user can continuously cause a DOS.
Here is an example of the blacklisted user causing a DOS:
OUTPUT:
Temporary DOS of the GMXVault that can be reexecuted by the blacklisted user even after pause-resume flow
Manual Review and Foundry
Monitor USDC blacklisted users, and either disallow them from using the protocol or add an escrow functionality to handle their funds
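A sketch of both options in the recommendation above, added here as an example; it is not GMXVault code. The contract, modifier and function names are hypothetical, and it assumes the withdrawal fails because the USDC transfer to the blacklisted address reverts.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal slice of the token interface used here. isBlacklisted() is exposed
// by USDC's FiatToken contract; other tokens may not have it.
interface IBlacklistableERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function isBlacklisted(address account) external view returns (bool);
}

// Hypothetical payout helper, meant to be inherited by a vault. A failed push
// transfer becomes an escrow credit, so the withdraw flow can still complete.
abstract contract EscrowedPayout {
    IBlacklistableERC20 public immutable token;
    mapping(address => uint256) public escrowed; // owed but undelivered tokens

    event Escrowed(address indexed user, uint256 amount);
    event Claimed(address indexed user, uint256 amount);

    constructor(IBlacklistableERC20 _token) {
        token = _token;
    }

    // Option 1: reject blacklisted users at the deposit/withdraw entry points.
    modifier notBlacklisted(address user) {
        require(!token.isBlacklisted(user), "blacklisted");
        _;
    }

    // Option 2: pay out, but never revert because the recipient cannot receive.
    // Assumes the token returns a bool from transfer(), as USDC does.
    function _payOrEscrow(address user, uint256 amount) internal {
        try token.transfer(user, amount) returns (bool ok) {
            if (ok) return;
        } catch {}
        escrowed[user] += amount; // funds stay in the contract, set aside
        emit Escrowed(user, amount);
    }

    // Pull path: succeeds only once the token accepts transfers to the user.
    function claim() external {
        uint256 amount = escrowed[msg.sender];
        require(amount > 0, "nothing escrowed");
        escrowed[msg.sender] = 0; // effects before interaction
        require(token.transfer(msg.sender, amount), "transfer failed");
        emit Claimed(msg.sender, amount);
    }
}
```

Escrowed balances must be excluded from the vault's own accounting so they are not added back into the vault as in the flow described above.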
Impact: High
Likelihood: Low