Steadefi

Tags: DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Valid

`IExchangeRouter#CreateDepositParams#uiFeeReceiver` set in a manner that will cause some users to miss out on claiming fees

Summary

The current implementation sets the uiFeeReceiver (the address that GMX credits its UI fee to) to msg.sender. Smart contracts integrating with Steadefi can lose funds because of this if they are unable to claim the uiFee themselves.

Vulnerability Details

When adding liquidity to or removing liquidity from GMX, the uiFeeReceiver is set to self.refundee (which is always the msg.sender):

```solidity
// Create deposit
IExchangeRouter.CreateDepositParams memory _cdp =
  IExchangeRouter.CreateDepositParams({
    ...
    uiFeeReceiver: self.refundee,
```

The intention here is to not pay any uiFees to GMX. However, uiFees are not paid out to the receiver automatically: they have to be claimed manually (using ExchangeRouter.claimUiFees). This is not only inconvenient for users, but can also cause the uiFee amount to be lost when the user is a smart contract that integrates with Steadefi and did not account for this subtle mechanism.

Impact

Loss of funds equal to the uiFee amount that GMX charges on each deposit or withdrawal.

Tools Used

Manual Review

Recommendations

Set IExchangeRouter#CreateDepositParams#uiFeeReceiver to address(0). This causes no uiFee to be charged at all, as can be seen in GMX's PositionPricingUtils:

```solidity
function getUiFees(
    DataStore dataStore,
    Price.Props memory collateralTokenPrice,
    uint256 sizeDeltaUsd,
    address uiFeeReceiver
) internal view returns (PositionUiFees memory) {
    PositionUiFees memory uiFees;
    if (uiFeeReceiver == address(0)) {
        return uiFees;
    }
    // ... (remainder of the function omitted)
}
```
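As an added illustration (not Steadefi or GMX code), the following constructed mock shows the fee-accrual mechanism with the vulnerable and the recommended way of filling uiFeeReceiver side by side; the flat fee factor, the contract names and the function names are assumptions made for this example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in for GMX's ui-fee accounting: a flat fee factor and a
// per-receiver claimable balance. Real GMX reads fee factors from its DataStore.
contract MockGmxUiFees {
    uint256 public constant UI_FEE_BPS = 10; // 0.1 %, constructed value
    mapping(address => uint256) public claimableUiFees;

    // Mirrors the early return in PositionPricingUtils.getUiFees:
    // no receiver means no fee is taken at all.
    function chargeUiFee(address uiFeeReceiver, uint256 amount) external returns (uint256 fee) {
        if (uiFeeReceiver == address(0)) return 0;
        fee = (amount * UI_FEE_BPS) / 10_000;
        claimableUiFees[uiFeeReceiver] += fee; // only the receiver itself can claim this
    }

    // Stand-in for ExchangeRouter.claimUiFees: the receiver has to call this itself.
    function claimUiFees() external returns (uint256 amount) {
        amount = claimableUiFees[msg.sender];
        claimableUiFees[msg.sender] = 0;
    }
}

// Vault that forwards a deposit to the mock, showing both ways of filling uiFeeReceiver.
contract VaultDeposit {
    MockGmxUiFees public immutable gmx;

    constructor(MockGmxUiFees _gmx) { gmx = _gmx; }

    // Vulnerable variant: uiFeeReceiver = refundee (msg.sender). The fee is deducted
    // from the deposit and credited to the caller, who must later claim it on GMX.
    function depositVulnerable(uint256 amount) external returns (uint256 net) {
        uint256 fee = gmx.chargeUiFee(msg.sender, amount);
        net = amount - fee;
    }

    // Recommended variant: uiFeeReceiver = address(0), so GMX charges no ui fee.
    function depositFixed(uint256 amount) external returns (uint256 net) {
        uint256 fee = gmx.chargeUiFee(address(0), amount);
        net = amount - fee;
    }
}

// An integrator with no code path that calls claimUiFees(): with the vulnerable
// variant its fees stay in claimableUiFees[address(this)] and are effectively lost.
contract IntegratorWithoutClaim {
    function deposit(VaultDeposit vault, uint256 amount) external returns (uint256) {
        return vault.depositVulnerable(amount);
    }
}
```

A Foundry test that deploys the three contracts and checks `gmx.claimableUiFees(address(integrator))` after a deposit makes the stranded amount visible; with `depositFixed` that balance stays zero.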
Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Wrong usage of uiFeeReceiver

Impact & Likelihood: High https://gmx-docs.io/docs/api/contracts-v2#creating-a-withdrawal
