Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Invalid

Funds sent to a holding account in GMX.

Summary

When a transfer fails to send to a receiving account, GMX makes a second attempt to send it to a holding account.

Vulnerability Details

When adding liquidity to the vault in the `addLiquidity` function, the contract calls the GMX function `sendTokens` on the exchange router. The problem is that two possible scenarios qualify for a success response, and the protocol only accounts for one. In the first scenario, the funds are successfully sent to the receiver, and the function returns a success result. In the second scenario, the funds are not successfully transferred to the intended receiver, meaning the transfer call failed; a second attempt is then made to send the tokens to a holding account, and the function also returns successfully.

Impact

Funds are transferred to a holding account, but the protocol does not account for this case.

Tools Used

manual

Recommendations

Check the receiver's balance after the transfer to make sure the funds are in the receiving account.
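
The recommended balance check, written out as an added example; it is not code from Steadefi or GMX. The `CheckedSend` library and its `ReceiverNotCredited` error are hypothetical names, the `sendTokens` interface is an assumed minimal declaration, and the holding-account fallback is taken as described in this submission.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Minimal interfaces declared here so the example is self-contained.
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Assumed shape of the exchange router call named in this submission.
interface IExchangeRouter {
    function sendTokens(address token, address receiver, uint256 amount) external payable;
}

// Hypothetical helper library, not part of the Steadefi code base.
library CheckedSend {
    error ReceiverNotCredited(address token, address receiver, uint256 expected, uint256 received);

    function sendTokensChecked(
        IExchangeRouter router,
        address token,
        address receiver,
        uint256 amount
    ) internal {
        // Snapshot the intended receiver's balance before the call.
        uint256 balanceBefore = IERC20(token).balanceOf(receiver);

        router.sendTokens(token, receiver, amount);

        // A call that returns without reverting is not treated as proof of
        // delivery: the receiver's own balance must have grown by `amount`.
        uint256 balanceAfter = IERC20(token).balanceOf(receiver);
        uint256 received = balanceAfter >= balanceBefore ? balanceAfter - balanceBefore : 0;

        // Strict equality on the delta would also reject unrelated inbound
        // transfers in the same call, so only a shortfall reverts here.
        // Fee-on-transfer tokens deliver less than `amount` and would revert.
        if (received < amount) {
            revert ReceiverNotCredited(token, receiver, amount, received);
        }
    }
}
```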

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
0xffchain Submitter
almost 2 years ago
hans Auditor
almost 2 years ago
Steadefi Lead Judge
almost 2 years ago
