Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Invalid

`GMXDeposit::processDepositCancellation` Reentrancy

Summary

Reentrancy vulnerability due to an external call to the user that is made before the contract's state is updated.

Vulnerability Details

```solidity
function processDepositCancellation(
  GMXTypes.Store storage self
) external {
  GMXChecks.beforeProcessDepositCancellationChecks(self);

  // Repay borrowed assets
  GMXManager.repay(
    self,
    self.depositCache.borrowParams.borrowTokenAAmt,
    self.depositCache.borrowParams.borrowTokenBAmt
  );

  // Return user's deposited asset
  // If native token is being withdrawn, we convert wrapped to native
  if (self.depositCache.depositParams.token == address(self.WNT)) {
@>  self.WNT.withdraw(self.WNT.balanceOf(address(this)));

    (bool success, ) = self.depositCache.user.call{value: address(this).balance}("");
    require(success, "Transfer failed.");
  } else {
    // Transfer requested withdraw asset to user
    IERC20(self.depositCache.depositParams.token).safeTransfer(
      self.depositCache.user,
      self.depositCache.depositParams.amt
    );
  }

  self.status = GMXTypes.Status.Open;

  emit DepositCancelled(self.depositCache.user);
}
```

Impact

If `self.depositCache.user` is a contract, the low-level `call` that forwards the native balance (or the token transfer in the other branch) hands execution to it before `self.status` is set to `GMXTypes.Status.Open` and before the event is emitted, so it can call back into the current contract while the cancellation is still in progress, allowing for reentrancy attacks.

Tools Used

Manual Review

Recommendations

To mitigate this risk, you should use the "Checks-Effects-Interactions" pattern and ensure that interactions with external contracts occur after all state changes are made. Additionally, consider using a reentrancy guard or mutex to prevent reentrancy attacks.
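As an added illustration of the recommendation (this is not Steadefi's code), the same function reordered to follow Checks-Effects-Interactions: every value the interactions need is read into locals, the status transition and event are committed, and only then are the external calls made. The library and type names (`GMXTypes`, `GMXChecks`, `GMXManager`, `IERC20`, `SafeERC20`) are taken from the finding and assumed to exist in the project; it also assumes `GMXManager.repay` does not depend on `self.status` still being in the cancelling state, and the native-token branch refunds `amt` instead of the contract's whole balance, mirroring the ERC20 branch.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not the project's code. The imported names below are
// assumed to be the project's own libraries/types from the finding.
import {GMXTypes} from "./GMXTypes.sol";
import {GMXChecks} from "./GMXChecks.sol";
import {GMXManager} from "./GMXManager.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

library GMXDepositCEI {
  using SafeERC20 for IERC20;

  event DepositCancelled(address indexed user);

  function processDepositCancellation(GMXTypes.Store storage self) external {
    // 1. Checks
    GMXChecks.beforeProcessDepositCancellationChecks(self);

    // 2. Effects: snapshot everything the interactions need from the cache,
    //    then commit the state transition BEFORE any external call.
    address user    = self.depositCache.user;
    address token   = self.depositCache.depositParams.token;
    uint256 amt     = self.depositCache.depositParams.amt;
    uint256 borrowA = self.depositCache.borrowParams.borrowTokenAAmt;
    uint256 borrowB = self.depositCache.borrowParams.borrowTokenBAmt;

    self.status = GMXTypes.Status.Open;
    emit DepositCancelled(user);

    // 3. Interactions: a re-entering `user` now sees status == Open and
    //    the cancellation already recorded, so the checks above reject it.
    GMXManager.repay(self, borrowA, borrowB);

    if (token == address(self.WNT)) {
      // Refund exactly the cancelled deposit amount (assumption: WNT was
      // wrapped 1:1), not the entire contract balance.
      self.WNT.withdraw(amt);
      (bool success, ) = user.call{value: amt}("");
      require(success, "Transfer failed.");
    } else {
      IERC20(token).safeTransfer(user, amt);
    }
  }
}
```

Reordering alone closes this path; for defence in depth, the vault entry point that calls this library function can additionally be marked with OpenZeppelin's `ReentrancyGuard` `nonReentrant` modifier, which is the mutex the recommendation refers to.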

Updates

Lead Judging Commences

hans (Auditor), almost 2 years ago

hans (Lead Judge), almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
