Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Invalid

The contract can be blocked by a single user

Summary

The GMXVault contract can serve only a single user at a time; as a result, one user's transaction can block other users.

Vulnerability Details

GMX uses a two-step transaction for a single operation. As a result, Steadefi implements cache fields in storage to provide information to the GMX callback function. However, the GMXVault contract has only a single cache, so other users are blocked by the first user.

For example, when userA starts a deposit, the GMXVault status becomes Deposit. Because of the status check, no other user can deposit at this time; they must wait for GMX's callback.

    if (self.status != GMXTypes.Status.Open)
        revert Errors.NotAllowedInCurrentVaultStatus();

Impact

The contract can be blocked by a single user (DoS).

Tools Used

Manual

Recommendations

The issue can be solved in multiple ways:

  1. Increase the cost of the DoS. The current cost is relatively low, about 0.09 USD:

         uint256 public constant MINIMUM_VALUE = 9e16;

  2. Use a mapping for the cache, for example keyed by the deposit key for deposit operations.
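
A sketch of the mapping-based cache from the second recommendation, added here as an illustration and not taken from Steadefi's or GMX's code. The contract name, `requestDeposit`, `onDepositExecuted`, `callbackSender` and the locally derived key are all hypothetical; token transfers and share accounting are left out so that only the per-key cache is shown.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical sketch: every name here is illustrative, not Steadefi's or GMX's API.
contract PerKeyDepositCache {
    struct PendingDeposit {
        address user;
        uint256 amount;
    }

    // Assumed: the single address permitted to deliver callbacks.
    address public immutable callbackSender;
    uint256 private nonce;

    // One cache entry per deposit key instead of one cache for the whole vault.
    mapping(bytes32 => PendingDeposit) public pending;

    error NotCallbackSender();
    error UnknownDepositKey();

    event DepositRequested(bytes32 indexed key, address indexed user, uint256 amount);
    event DepositSettled(bytes32 indexed key, address indexed user, uint256 amount);

    constructor(address _callbackSender) {
        callbackSender = _callbackSender;
    }

    // Step 1: store the request under its own key. No global status is flipped,
    // so a second user's request does not revert while the first is in flight.
    function requestDeposit(uint256 amount) external returns (bytes32 key) {
        // Assumption: in a real integration the key is returned by the external
        // protocol when the deposit is created; it is derived locally here.
        key = keccak256(abi.encode(msg.sender, amount, nonce++));
        pending[key] = PendingDeposit({user: msg.sender, amount: amount});
        emit DepositRequested(key, msg.sender, amount);
    }

    // Step 2: the callback resolves only the entry that matches its key.
    function onDepositExecuted(bytes32 key) external {
        if (msg.sender != callbackSender) revert NotCallbackSender();
        PendingDeposit memory p = pending[key];
        if (p.user == address(0)) revert UnknownDepositKey();
        delete pending[key]; // clear before any further effects so a key settles once
        emit DepositSettled(key, p.user, p.amount);
    }
}
```

Any vault-wide values that the callback reads, such as balances snapshotted before the request, would also have to be stored per key for concurrent requests to settle correctly.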

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Too generic
