Tokens locking in the trove contract
Summary
In case of an emergency closure of the vault the tokens on the trove contract are locked permanently instead of being distributed for shares. The GMXEmergency.emergencyClose function does not transfer tokens from the GMXTrove contract. But after the vault receives status Close the assets on the trove become locked.
Vulnerability Detail
The GMXTrove contract collects dust amounts of tokens from the vault during depositing and withdrawal. These tokens can be transferred in the vault by the compound function.
The GMXEmergency.emergencyClose function prepares the vault to be closed and changes the status on Closed. After this the compound function can not be ever called and the tokens became locked.
Impact
Assets locking.
Tools used
Manual Review
Recommendations
Consider transferring tokens from the trove contract at the GMXEmergency.emergencyClose function.
Lead Judging Commences
Not claiming yields in troves on emergency
Impact: High Likelihood: Medium Need to confirm the final severity. If the protocol is designed to be able to open the vault again after close, the impact becomes Medium because the keepers can call compound after reopening the vault.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.