getsAmountsIn in GMXOracle hardcoded 15e14(15bps) for amountsIn would gives wrong amountsIn since GMX market has dynamic impact fee
Summary
getsAmountsIn in GMXOracle hardcoded 15e14(15bps) for amountsIn would gives wrong amountsIn since GMX market has dynamic impact fee.
With Reference to GMXv2, they have an impact pool which holds the fund collected from depositor who deposit on the imbalanced side of the market, namely a bigger cumulative vritualBalance. The fee is also documented here
Therefore the getsAmountIn may not be sufficient for the deposit/rebalance, if the the rebalance is done in a while that is against the incurred impact price fee.
Vulnerability Details
Impact
getsAmountsIn hardcoded 15bps for buffer which may not be representative of the dynamic fee implemented in GMXv2.
Tools Used
Recommendations
ImpactPrice calculation can be imported from the PricingUtil.sol in GMXv2 repo.
There is a script to calculate/verify the impact against tradeSize off-chain here
Lead Judging Commences
Hardcoded GMX fee
15bps might be not enough to cover dynamic GMX fee
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.