Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC

Submission Details
Severity: medium
Valid

Fees can be minted even when the vault is closed.

Summary

The treasury can keep receiving a share of users' funds after the vault has been closed, because the fee is accrued from elapsed time and mintFee does not check the vault state.

Vulnerability Details

GMXVault#mintFee is public, and it neither checks the vault's status nor gates the caller:

    function mintFee() public {
        // mints fee shares to the treasury based purely on time elapsed since lastFeeCollected
        _mint(_store.treasury, GMXReader.pendingFee(_store));
        _store.lastFeeCollected = block.timestamp;
    }

Because GMXReader.pendingFee accrues the fee purely as a function of the time elapsed since lastFeeCollected, anyone can call mintFee while the vault is Closed and the treasury is minted fee shares for a period in which the vault earned nothing. Once the vault is closed, all assets sit idle inside it and no further yield is generated through LPing, so the minted shares dilute existing holders and transfer part of users' idle principal to the treasury rather than a cut of earned rewards. The treasury should not be eligible for fees over that period.

Impact

Users' funds can be misallocated to the treasury.

Tools Used

Manual Review

Recommendations

Revert mintFee when the vault status is Closed. Because accrual is time based, also reset lastFeeCollected when the vault is reopened (after settling any fee owed up to the moment of closing); otherwise the first mintFee call after reopening bills the whole closed period at once.
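A minimal vault showing the guard and the clock reset together, as an added example that is not Steadefi's GMXVault code. Only mintFee, treasury and lastFeeCollected come from the report; the Status enum, the owner, the FEE_PER_SECOND rate, the local _mint and pendingFee helpers, and the emergencyClose/reopen/deposit functions are assumptions introduced so the contract compiles on its own:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not Steadefi's GMXVault. Only mintFee, treasury and
// lastFeeCollected come from the report; every other name and the fee rate
// are assumptions chosen to make the snippet compile on its own.
contract FeeGatedVault {
    // Assumed state set; the report only mentions Closed.
    enum Status { Open, Closed }

    address public immutable owner;
    address public immutable treasury;
    Status public status;
    uint256 public lastFeeCollected;

    // Minimal share accounting standing in for the vault's ERC20 token.
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    // Assumed management fee of roughly 2% per year, expressed per second
    // in 1e18 precision (2e16 / 365 days, rounded down).
    uint256 public constant FEE_PER_SECOND = 634195839;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(address _treasury) {
        owner = msg.sender;
        treasury = _treasury;
        lastFeeCollected = block.timestamp;
    }

    // Stand-in for GMXReader.pendingFee: fee shares owed for the time elapsed
    // since the last collection. Returns 0 while Closed so that off-chain
    // readers and the guarded mintFee agree that nothing accrues while the
    // vault holds no LP position.
    function pendingFee() public view returns (uint256) {
        if (status == Status.Closed) return 0;
        uint256 elapsed = block.timestamp - lastFeeCollected;
        return totalSupply * FEE_PER_SECOND * elapsed / 1e18;
    }

    // Vulnerable shape quoted in the report (shown for comparison only):
    //
    //   function mintFee() public {
    //     _mint(_store.treasury, GMXReader.pendingFee(_store));
    //     _store.lastFeeCollected = block.timestamp;
    //   }
    //
    // Hardened version: refuse to run at all while Closed. The explicit revert
    // matters even though pendingFee() already returns 0, because advancing
    // lastFeeCollected on a Closed vault is wrong too: it silently changes
    // what is billed on the next call after reopening.
    function mintFee() public {
        require(status != Status.Closed, "vault closed");
        _mint(treasury, pendingFee());
        lastFeeCollected = block.timestamp;
    }

    // Settle the fee accrued up to the moment of closing, then stop the clock.
    function emergencyClose() external onlyOwner {
        require(status == Status.Open, "already closed");
        mintFee();
        status = Status.Closed;
    }

    // On reopening, restart the clock so the idle period is never billed.
    function reopen() external onlyOwner {
        require(status == Status.Closed, "not closed");
        lastFeeCollected = block.timestamp;
        status = Status.Open;
    }

    // Deposit path kept trivial (1 share per wei) so totalSupply is non-zero
    // and fees have something to accrue on. Fees are collected before the
    // supply changes so the new depositor is not charged for prior time.
    function deposit() external payable {
        require(status == Status.Open, "vault closed");
        mintFee();
        _mint(msg.sender, msg.value);
    }

    function _mint(address to, uint256 amount) internal {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}
```

If the real vault has more statuses than Open and Closed, the same rule applies to every status in which no LP position is held (the judge's tag calls this the emergency case): fees must neither be minted nor silently accrued for that time, and the clock must be restarted when LPing resumes.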

Updates

Lead Judging Commences

hans, Lead Judge, almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Disable mintFee during emergency

Impact: High
Likelihood: Low
Fee calculation must be stopped during an emergency. Typical problem that can happen for pausable protocols.
