Steadefi

Contest tags: DeFi, Hardhat, Foundry, Oracle
Prize pool: 35,000 USDC

Submission Details
Severity: medium
Valid

Management fees minting procedures during emergency withdrawal

Summary

The emergency withdrawal process can last a long time, and every call to mintFee during that window decreases the value of users' shares. Conversely, if mintFee was last called long before the emergency withdrawal started, users receive more assets than they should. Either way, protocol management and other users lose share value.

Vulnerability Details

The GMXVault.mintFee function can be called even when the vault is in the Closed status; it performs no status check:

function mintFee() public {
    // Mints the fee accrued since lastFeeCollected to the treasury,
    // which increases totalSupply and dilutes every existing share.
    _mint(_store.treasury, GMXReader.pendingFee(_store));
    _store.lastFeeCollected = block.timestamp;
}

The _shareRatio calculation in the emergencyWithdraw function depends on totalSupply, so any change to totalSupply changes how many assets a given number of shares redeems for:

// Fraction of the vault the caller's shares represent, scaled by SAFE_MULTIPLIER
uint256 _shareRatio = shareAmt * SAFE_MULTIPLIER
    / IERC20(address(self.vault)).totalSupply();

If mintFee was last called long before the emergency withdrawal started, the accrued fee has not yet been minted, totalSupply is lower than it should be, and users receive more assets than they should.
If someone calls mintFee during the emergency withdrawal, totalSupply is inflated and the remaining users' share value keeps decreasing when it should not.

Impact

Users' share value decreases and they lose assets.

Tools used

Manual Review

Recommendations

Management fees should be minted before emergency withdrawal begins, and fee minting should then be blocked. Consider calling mintFee in the emergencyClose function and reverting in mintFee when the vault is in the Closed status. Another option for cancelling fee minting is to set feePerSecond to zero.
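As an added illustration (not Steadefi's code), the following Python model of the share accounting reproduces the dilution described under Vulnerability Details and the fix from the recommendation above: two users redeem the same number of shares during an emergency, with a mintFee call in between. The pendingFee formula, the Closed-status guard and all balances are assumptions constructed for the example.

```python
SAFE_MULTIPLIER = 10**18

class Vault:
    """Minimal vault share model; pendingFee formula and guard are assumptions."""
    def __init__(self, assets, shares, fee_per_second, now):
        self.assets = assets                  # assets backing all shares
        self.total_supply = shares            # vault share tokens outstanding
        self.fee_per_second = fee_per_second  # share inflation rate, scaled by SAFE_MULTIPLIER
        self.last_fee_collected = now
        self.treasury = 0                     # shares minted to the treasury as fees
        self.closed = False                   # emergency (Closed) status
        self.guard_mint_fee = False           # recommended: revert mintFee when Closed

    def pending_fee(self, now):
        # Assumed shape of GMXReader.pendingFee: shares accrued since last collection.
        elapsed = now - self.last_fee_collected
        return self.total_supply * self.fee_per_second * elapsed // SAFE_MULTIPLIER

    def mint_fee(self, now):
        if self.guard_mint_fee and self.closed:
            raise RuntimeError("mintFee: vault is Closed")
        fee = self.pending_fee(now)
        self.treasury += fee
        self.total_supply += fee              # dilutes every existing share
        self.last_fee_collected = now

    def emergency_close(self, now, mint_fee_first):
        if mint_fee_first:                    # recommended: settle fees, then freeze them
            self.mint_fee(now)
        self.closed = True
        self.guard_mint_fee = mint_fee_first

    def emergency_withdraw(self, share_amt):
        # Same shape as the _shareRatio computation quoted in the finding.
        share_ratio = share_amt * SAFE_MULTIPLIER // self.total_supply
        payout = share_ratio * self.assets // SAFE_MULTIPLIER
        self.total_supply -= share_amt
        self.assets -= payout
        return payout

def run(mint_fee_at_close):
    """Users A and B each redeem 100k shares mid-emergency; returns (payout_a, payout_b)."""
    v = Vault(assets=1_000_000, shares=1_000_000, fee_per_second=10**15, now=0)
    v.emergency_close(now=100, mint_fee_first=mint_fee_at_close)
    a = v.emergency_withdraw(100_000)
    try:
        v.mint_fee(now=200)                   # anyone calls mintFee during the emergency
    except RuntimeError:
        pass                                  # blocked in the guarded variant
    b = v.emergency_withdraw(100_000)
    return a, b
```

With the unguarded flow, run(False) pays A 100000 and B only 83333 for the same shares; with fees settled at emergencyClose and mintFee reverting while Closed, run(True) pays both 90909.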

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Disable mintFee during emergency

Impact: High
Likelihood: Low
Fee calculation must be stopped during an emergency. A typical problem that can happen for pausable protocols.
