Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Valid

Fee can be minted even after vault is closed

Vulnerability Details

Even after the vault is closed by invoking the emergencyClose function, fees can still be minted.

function mintFee() public {
    _mint(_store.treasury, GMXReader.pendingFee(_store));
    _store.lastFeeCollected = block.timestamp;
}

Impact

Fees keep accruing even though no management work is being done, causing users who withdraw late to lose funds they are entitled to.
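
An added example (not part of the submission or the Steadefi code base): a small Python model of the dilution described above, comparing a late withdrawal with and without a closed-status check in mintFee. It assumes pendingFee grows as total supply × fee rate × seconds since lastFeeCollected; the class, the 2% annual rate, the deposits and the 180-day delay are constructed for illustration.

```python
from dataclasses import dataclass, field

YEAR = 365 * 24 * 3600

@dataclass
class VaultModel:
    """Toy share vault; not the project's code."""
    fee_per_second: float          # constructed management-fee rate
    guard_closed: bool             # True = mintFee refuses to run once closed
    assets: float = 0.0            # value backing all outstanding shares
    shares: dict = field(default_factory=dict)
    closed: bool = False
    last_fee_collected: int = 0

    def total_supply(self):
        return sum(self.shares.values())

    def mint_fee(self, now):
        if self.guard_closed and self.closed:
            return                 # stands in for the revert added by the fix
        # Assumed formula: fee shares grow linearly with supply and elapsed time.
        fee = self.total_supply() * self.fee_per_second * (now - self.last_fee_collected)
        self.shares["treasury"] = self.shares.get("treasury", 0.0) + fee
        self.last_fee_collected = now

    def deposit(self, user, amount):
        supply = self.total_supply()
        minted = amount if supply == 0 else amount * supply / self.assets
        self.shares[user] = self.shares.get(user, 0.0) + minted
        self.assets += amount

    def withdraw_all(self, user):
        payout = self.assets * self.shares[user] / self.total_supply()
        del self.shares[user]
        self.assets -= payout
        return payout

def late_withdrawal(guard_closed, days_after_close=180):
    v = VaultModel(fee_per_second=0.02 / YEAR, guard_closed=guard_closed)
    v.deposit("alice", 1000.0)
    v.deposit("bob", 1000.0)
    v.closed = True                               # emergencyClose at t = 0
    early = v.withdraw_all("alice")               # leaves right after the close
    v.mint_fee(now=days_after_close * 24 * 3600)  # mintFee is public
    late = v.withdraw_all("bob")
    return early, late

if __name__ == "__main__":
    for guard in (False, True):
        print(guard, late_withdrawal(guard))
```

Without the check, the treasury shares minted after the close come entirely out of the remaining depositor's claim; with it, both depositors receive the same amount.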

Recommendations

Do not mint fees when the vault is closed:

diff --git a/contracts/strategy/gmx/GMXVault.sol b/contracts/strategy/gmx/GMXVault.sol
index 4f2ecf8..8d61997 100644
--- a/contracts/strategy/gmx/GMXVault.sol
+++ b/contracts/strategy/gmx/GMXVault.sol
@@ -332,6 +332,7 @@ contract GMXVault is ERC20, Ownable2Step, ReentrancyGuard, IGMXVault, IGMXVaultE
* @notice Mint vault token shares as management fees to protocol treasury
*/
function mintFee() public {
+ require(_store.status != GMXTypes.Status.Closed);
_mint(_store.treasury, GMXReader.pendingFee(_store));
_store.lastFeeCollected = block.timestamp;
}
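
Review bot: the added `require(_store.status != GMXTypes.Status.Closed);` carries no revert reason or custom error, so anyone hitting it gets an empty revert; give it one so the failure is diagnosable. Two further points on the same line: mintFee() is public, so the revert also propagates to any in-contract caller of it, and because the check fires before `_store.lastFeeCollected = block.timestamp;` the timestamp stays frozen at its pre-close value. If pendingFee derives from lastFeeCollected and the vault can ever leave the Closed status, the first mint afterwards would cover the closed period, so consider returning early instead of reverting and deciding explicitly how lastFeeCollected is handled while closed.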
Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Disable mintFee during emergency

Impact: High
Likelihood: Low
Fee calculation must be stopped during an emergency. Typical problem that can happen for pausable protocols.
