Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Invalid

Lack of Slippage and Execution Fee Checks

Summary

The GMXVault.sol contract contains functions to update minimum slippage and minimum execution fees. However, these functions lack explicit checks to ensure that the provided values conform to the specified ranges.

Vulnerability Details

The functions updateMinSlippage and updateMinExecutionFee do not include checks to verify whether the input values for minSlippage and minExecutionFee adhere to the expected ranges of 1e4 and 1e18, respectively.
For example, mistakenly setting slippage or execution fees to zero could bypass important checks; for slippage, this potentially impacts the functioning of the contract and leaves it with no slippage protection. While this is primarily a concern of the owner's actions, there is a risk of unintended behavior if these values are not appropriately configured.

Impact

Setting slippage or execution fees to zero means the protocol will operate without any slippage protection. This could lead to undesirable consequences, such as higher trading risks, especially in volatile markets.

Tools Used

Manual code review.

Recommendations

Add checks within the updateMinSlippage and updateMinExecutionFee functions. These checks should ensure that the provided values are within acceptable bounds, preventing the inadvertent setting of these parameters to zero.

For example:

    function updateMinSlippage(uint256 minSlippage) external onlyOwner {
        // Reject values below the suggested lower bound (this also rejects zero)
        require(minSlippage >= 1e4, "Slippage value must be greater than or equal to 1e4");
        _store.minSlippage = minSlippage;
        emit MinSlippageUpdated(minSlippage);
    }

    function updateMinExecutionFee(uint256 minExecutionFee) external onlyOwner {
        // Reject values below the suggested lower bound (this also rejects zero)
        require(minExecutionFee >= 1e18, "Execution fee value must be greater than or equal to 1e18");
        _store.minExecutionFee = minExecutionFee;
        emit MinExecutionFeeUpdated(minExecutionFee);
    }

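An added example, not part of the original submission or of Steadefi's code: a small Python heuristic that flags the pattern this finding describes, an onlyOwner setter that assigns a parameter to storage with no require/revert/if guard in its body. The `UNCHECKED` sample is constructed for illustration; `CHECKED` is the setter recommended above.

```python
import re

# Heuristic linter: flag onlyOwner functions that take a parameter and write
# state without any guard (require / revert / assert / if) in the body.
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)\{", re.S)
GUARD_RE = re.compile(r"\b(require|revert|assert)\b|\bif\s*\(")
ASSIGN_RE = re.compile(r"[\w.\[\]]+\s*=(?!=)")  # plain '=', not ==, >=, <=, !=

def function_body(src, open_idx):
    """Return the text between the brace at open_idx and its matching close."""
    depth = 0
    for i in range(open_idx, len(src)):
        if src[i] == "{":
            depth += 1
        elif src[i] == "}":
            depth -= 1
            if depth == 0:
                return src[open_idx + 1:i]
    return src[open_idx + 1:]  # unbalanced input: take the rest

def unvalidated_setters(src):
    """Names of onlyOwner functions with parameters, an assignment, and no guard."""
    src = re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)  # drop comments
    findings = []
    for m in FUNC_RE.finditer(src):
        name, params, modifiers = m.group(1), m.group(2), m.group(3)
        if "onlyOwner" not in modifiers or not params.strip():
            continue
        body = function_body(src, m.end() - 1)
        if ASSIGN_RE.search(body) and not GUARD_RE.search(body):
            findings.append(name)
    return findings

# Constructed sample: a setter with no validation (illustrative, not project code).
UNCHECKED = """
function updateMinSlippage(uint256 minSlippage) external onlyOwner {
    _store.minSlippage = minSlippage;
    emit MinSlippageUpdated(minSlippage);
}
"""
# The setter as recommended in this submission.
CHECKED = """
function updateMinExecutionFee(uint256 minExecutionFee) external onlyOwner {
    require(minExecutionFee >= 1e18, "Execution fee value must be greater than or equal to 1e18");
    _store.minExecutionFee = minExecutionFee;
    emit MinExecutionFeeUpdated(minExecutionFee);
}
"""
print(unvalidated_setters(UNCHECKED + CHECKED))
```

The check only establishes that some guard exists in the body, not that it bounds the right parameter, so flagged and unflagged functions alike still need manual review.
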
Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Centralization Risk

Impact: High
Likelihood: Low
Centralization risk is regarded as a known issue. This tag will include all submissions:
- Admin setter functions without validations

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Centralization Risk

Impact: High
Likelihood: Low
Centralization risk is regarded as a known issue. This tag will include all submissions:
- Admin setter functions without validations
