The GMXDeposit
contract incorrectly uses the PNL factor during deposits, which results in inaccurate token value calculations.
The getLpTokenValue()
function in the GMXDeposit
contract erroneously sets the isDeposit
parameter to false, which triggers the usage of the PNL factor designated for withdrawals instead of deposits. This results in inaccurate token value calculations for deposits.
Users receive token values that do not conform to the intended risk parameters.
Manual analysis
Review and update the code to ensure that the correct PNL factor, whether for deposits or withdrawals, is consistently applied in token value calculations.
Impact: Medium Likelihood: High The impact of using a wrong price (conservative vs optimistic) is limited, especially given the users specify the slippage.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.