Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Invalid

fee can bypass

jprod15

Summary

In the function processDepositFailure, the minimum fee is not checked. therefore fee can be 0

Vulnerability Details

      function processDepositFailure(
        GMXTypes.Store storage self,
        uint256 slippage,
        uint256 executionFee
      ) external {
        GMXChecks.beforeProcessAfterDepositFailureChecks(self);

        GMXTypes.RemoveLiquidityParams memory _rlp;

        // If current LP amount is somehow less or equal to amount before, we do not remove any liquidity
        if (GMXReader.lpAmt(self) <= self.depositCache.healthParams.lpAmtBefore) {
          processDepositFailureLiquidityWithdrawal(self);//@audit-info processDepositFailureLiquidityWithdrawal --
        } else {
          // Remove only the newly added LP amount
          _rlp.lpAmt = GMXReader.lpAmt(self) - self.depositCache.healthParams.lpAmtBefore;

          // If delta strategy is Long, remove all in tokenB to make it more
          // efficent to repay tokenB debt as Long strategy only borrows tokenB
          if (self.delta == GMXTypes.Delta.Long) {
            address[] memory _tokenASwapPath = new address[](1);
            _tokenASwapPath[0] = address(self.lpToken);
            _rlp.tokenASwapPath = _tokenASwapPath;

            (_rlp.minTokenAAmt, _rlp.minTokenBAmt) = GMXManager.calcMinTokensSlippageAmt(
              self,
              _rlp.lpAmt,
              address(self.tokenB),
              address(self.tokenB),
              slippage
            );
          } else {
            (_rlp.minTokenAAmt, _rlp.minTokenBAmt) = GMXManager.calcMinTokensSlippageAmt(
              self,
              _rlp.lpAmt,
              address(self.tokenA),
              address(self.tokenB),
              slippage
            );
          }

          _rlp.executionFee = executionFee;//@audit-issue dont check minimun fee 

          // Remove liqudity
          self.depositCache.withdrawKey = GMXManager.removeLiquidity(
            self,
            _rlp
          );
        }
      }

as can see never is checked if _rlp.executionFee < self.minExecutionFee

Impact

fee is loss

Tools Used

mnual review

Recommendations

add

 if (_rlp.executionFee < self.minExecutionFee)
  revert Errors.InsufficientExecutionFeeAmount();

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.