Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Valid

`afterWithdrawChecks` is applied only if the user wants to withdraw in tokenA/B

Summary

The `afterWithdrawChecks` check is very important for making sure that key health parameters are within their proper ranges. However, the check sits inside the body of the `if` statement that tests whether the user wants to withdraw in tokenA/B. So if the user wants to withdraw the LP token, the check is not performed. This can cause unexpected financial losses.

Vulnerability Details

The `afterWithdrawChecks` check is placed inside the body of the `if` statement in the `GMXProcessWithdraw.processWithdraw` function. This statement checks whether the user wants to withdraw in tokenA/B. In all other cases the `afterWithdrawChecks` check is not performed, although it should be.

```solidity
// Else if user wants to withdraw in LP token, the tokensToUser is already previously
// set in GMXWithdraw.withdraw()
if (
  self.withdrawCache.withdrawParams.token == address(self.tokenA) ||
  self.withdrawCache.withdrawParams.token == address(self.tokenB)
) {
  // ... (lines between the condition and the check are omitted in this excerpt)
  GMXChecks.afterWithdrawChecks(self);
}
}
```

Impact

The issue can cause unexpected financial losses.

Tools used

Manual Review

Recommendations

I suppose that the check should be placed after the if statement brackets.
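The two placements side by side, as an added example that is not Steadefi's code or part of the original submission. The toy vault, its function names other than `afterWithdrawChecks`, the sample balances and the minimum-ratio health rule are all assumptions made for illustration; any token other than tokenA/B stands in for the LP token.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed toy vault. Every name except afterWithdrawChecks is hypothetical,
// and the health rule (a minimum collateral/debt ratio) is an assumption.
contract WithdrawCheckPlacement {
    address public immutable tokenA;
    address public immutable tokenB;

    uint256 public collateral = 150; // constructed sample values
    uint256 public debt = 100;
    uint256 public constant MIN_RATIO_PCT = 120;

    error UnhealthyAfterWithdraw(uint256 collateralNow, uint256 debtNow);

    constructor(address a, address b) {
        tokenA = a;
        tokenB = b;
    }

    // Reverts when the vault is below the minimum collateral/debt ratio.
    function afterWithdrawChecks() internal view {
        if (collateral * 100 < debt * MIN_RATIO_PCT) {
            revert UnhealthyAfterWithdraw(collateral, debt);
        }
    }

    // Placement described in the finding: the check runs only on the tokenA/B branch.
    function processWithdrawScoped(address token, uint256 amount) external {
        collateral -= amount;
        if (token == tokenA || token == tokenB) {
            // (swap of the withdrawn assets into `token` would happen here)
            afterWithdrawChecks();
        }
        // LP-token path ends here, so the ratio is never verified.
    }

    // Recommended placement: the check follows the branch, so every path reaches it.
    function processWithdrawChecked(address token, uint256 amount) external {
        collateral -= amount;
        if (token == tokenA || token == tokenB) {
            // (swap of the withdrawn assets into `token` would happen here)
        }
        afterWithdrawChecks();
    }
}
```

With the sample values, withdrawing 40 through the LP-token path succeeds in `processWithdrawScoped` and leaves the vault at 110/100, below the 120% minimum, while the same call to `processWithdrawChecked` reverts with `UnhealthyAfterWithdraw`.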

Updates

Lead Judging Commences

hans Auditor
almost 2 years ago
hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Missing afterWithdrawChecks for lpToken withdrawal

Impact: High
Likelihood: High
