Submission Details
Severity:
`GMXVault::receive()` no checks added
Summary
GMXVault::receive() the code doesn't check if the contract has a positive balance before attempting the transfer. If the contract balance is zero, attempting to transfer funds will consume unnecessary gas and may result in a failed transaction. To avoid this, you should add a check to ensure the contract balance is greater than zero before attempting the transfer.
Vulnerability Details
@> receive() external payable {
if (msg.sender == _store.depositVault || msg.sender == _store.withdrawalVault) {
(bool success, ) = _store.refundee.call{value: address(this).balance}("");
require(success, "Transfer failed.");
}
}
Impact
Gas Wastage
Tools Used
Manual Review
Recommendations
- receive() external payable {
- if (msg.sender == _store.depositVault || msg.sender == _store.withdrawalVault) {
- uint256 balance = address(this).balance;
- (bool success, ) = _store.refundee.call{value: balance}("");;
+ receive() external payable {
+ if (msg.sender == _store.depositVault || msg.sender == _store.withdrawalVault) {
+ uint256 balance = address(this).balance;
+ require(balance > 0, "No balance to refund.");
+ (bool success, ) = _store.refundee.call{value: balance}("");
Updates
Lead Judging Commences
hans over 1 year ago
Submission Judgement Published Reason: Non-acceptable severity
Assigned finding tags:
GAS: Zero value transfer
Prize pool breakdown
Total prize
35,000 USDC
nSLOC
2,28915 USDC / LOC
33,000 USDC
2,000 USDC
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.