Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Sequence Diagram Provided by Protocol mismatch with the implemented code in `processCompoundCancellation()`

0xhacksmithh

Summary

refer Details and impact

Vulnerability Details

According to sequence diagram provided by Protocol

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/docs/sequences/strategy-gmx-compound-sequence-basic.md

When addLiqudity() failed in GMXCoumpound contract afterDepositCancellation() is called from GMXCallback contract

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXCallback.sol#L109-L111

Which further call GMXCompound.processCompoundCancellation()

In that function i.e GMXCompound.processCompoundCancellation() status set to GMXTypes.Status.Compound_Failed

function processCompoundCancellation(

GMXTypes.Store storage self

) external {

GMXChecks.beforeProcessCompoundCancellationChecks(self);

self.status = GMXTypes.Status.Compound_Failed;

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXCompound.sol#L127-L135

But in Detail sequence Diagram https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/docs/sequences/strategy-gmx-compound-sequence-detailed.md it mention that status will set to Open

When discussed with sponsor they menioned that hmm.. it will not as the idea here is that we will run compound again actually

So Their Developers plan is to set status to GMXTypes.Status.Compound_Failed so that it will again call GMXCompound.compound() which has check

if (

self.status != GMXTypes.Status.Open &&

self.status != GMXTypes.Status.Compound_Failed

) revert Errors.NotAllowedInCurrentVaultStatus();

As this compound() callable by keeper with customize function arguments, so i believe they will try to send already present tokens to gmx for adding liquidity purpose in follow up function (compound()) call.

So sequence diagram shows wrong informetion here that should changed.

I'm little bit confuse here to select severity, There is no prior info provided that compound() will be again called after processCompoundCancellation() and this info absence in Sequence Diagrams. I only come to know when i talked to sponsor. So making it LOW SEVERITY HERE

Impact

If we consider info provided in sequence diagram then whole system is going into a blockage state (until another call to compound() get sucessful)
as sequence diagram mentioned
self.status should set to GMXTypes.Status.Open; in GMXCompound.processCompoundCancellation()

while it setting status to
self.status = GMXTypes.Status.Compound_Failed;

Tools Used

Manual Review

Recommendations

Sequence Dig should updated with correct info or Protocol should provide enough info about this before

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago

Submission Judgement Published

Validated

Assigned finding tags:

Wrong status transition on processCompoundCancellation

Impact: High Likelihood: Low The sponsor confirmed it's a typo in the diagram but the documentation/source is the source of truth for the hawks. Will group all findings pointing out the wrong status transition to Compound_Failed based on the diagram.

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.