Extraneous `GMXManager#borrow` in `GMXWithdraw#processWithdrawFailure`
Summary
Processing a withdraw failure performs a borrow even though no repayment has happened. This can cause the leverage to increase over time (or through intentionally causing failed withdraws).
Vulnerability Details
When a withdrawal is processed the following happens in GMXWithdraw#processWithdraw:
GMXProcessWithdraw.processWithdraw swaps tokens and performs a repayment:
If GMXProcessWithdraw.processWithdraw fails (e.g. slippage too low) then the repayment will not be executed and state changes to Withdraw_Failed.
In GMXWithdraw#processWithdrawFailure there is a borrow that is meant to reborrow the repaid amount (which again wasn't repaid) and add back the liquidity that was removed from GMX. This will cause more borrowed tokens to be added as liquidity before the withdrawal happened.
Impact
Vault's leverage is increased above the intended 3x and the vault takes on more risk than desired
Tools Used
Manual Review
Recommendations
Don't perform the borrow in GMXWithdraw#processWithdrawFailure
Lead Judging Commences
Wrong logic in processWithdrawFailure
Impact: High Likelihood: High Overlending is caused due to unnecessary re-borrow on processWithdrawFailure. Assumption that the repayment had gone because it was in try-catch is incorrect.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.