Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Invalid

`GMXVault` contract deployment will revert with `UNI` token

Summary

GMXVault contract deployment will revert with UNI token.

Vulnerability Details

  • The protocol uses the UNI token as one of its vault tokens, and when the GMXVault contract is deployed, it approves the depositVaults, lendingVaults and exchange router (3rd-party contracts) with a type(uint256).max value on this token.

  • But the UNI token doesn't support approvals of type(uint256).max and will revert when approving this value, as it accepts a maximum allowance of type(uint96).max only; so this will prevent deployment of such vaults, as it approves the UNI token with a large amount.

Impact

Vaults in which either of the tokens is UNI will not be deployed.

Proof of Concept

GMXVault.constructor

```solidity
// Set token approvals for this vault
_store.tokenA.approve(address(_store.router), type(uint256).max);
_store.tokenB.approve(address(_store.router), type(uint256).max);
//..............
_store.tokenA.approve(address(_store.depositVault), type(uint256).max);
_store.tokenB.approve(address(_store.depositVault), type(uint256).max);
//..............
_store.tokenA.approve(address(_store.tokenALendingVault), type(uint256).max);
_store.tokenB.approve(address(_store.tokenBLendingVault), type(uint256).max);
```

Tools Used

Manual Review.

Recommendations

Check whether either token of the vault's pair is the UNI token, and use a maximum allowance of type(uint96).max when approving other contracts on it.

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
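
For context on the judgement, an added example (not part of the submission or of Steadefi's code): a constructed Solidity mock of a token with 96-bit allowances whose `approve` follows the rule in the published UNI token source, where a raw amount of `type(uint256).max` is stored as `type(uint96).max` and only other values above 96 bits revert. `Mock96BitToken`, `ApprovalProbe` and the spender address are hypothetical names, and the mock is an assumption to compare against the deployed token's verified source.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Constructed mock: a token that stores allowances in 96 bits, following the
// approve() rule assumed in the lead-in. This is not the real UNI source.
contract Mock96BitToken {
    mapping(address => mapping(address => uint96)) internal allowances;

    function approve(address spender, uint256 rawAmount) external returns (bool) {
        uint96 amount;
        if (rawAmount == type(uint256).max) {
            amount = type(uint96).max; // "infinite" sentinel is clamped, not rejected
        } else {
            require(rawAmount <= type(uint96).max, "amount exceeds 96 bits");
            amount = uint96(rawAmount);
        }
        allowances[msg.sender][spender] = amount;
        return true;
    }

    function allowance(address owner, address spender) external view returns (uint256) {
        return allowances[owner][spender];
    }
}

// Hypothetical probe: reports whether a given approval value is accepted.
contract ApprovalProbe {
    Mock96BitToken public immutable token;
    address internal constant SPENDER = address(0xBEEF); // constructed address

    constructor() { token = new Mock96BitToken(); }

    function accepted(uint256 amount) public returns (bool ok, uint256 stored) {
        try token.approve(SPENDER, amount) returns (bool r) {
            return (r, token.allowance(address(this), SPENDER));
        } catch {
            return (false, 0);
        }
    }

    // Boundary cases: uint256 max and uint96 max succeed, uint96 max + 1 reverts.
    function check() external {
        (bool a, uint256 sa) = accepted(type(uint256).max);
        (bool b, uint256 sb) = accepted(type(uint96).max);
        (bool c, ) = accepted(uint256(type(uint96).max) + 1);
        assert(a && sa == type(uint96).max);
        assert(b && sb == type(uint96).max);
        assert(!c);
    }
}
```

Calling `check()` on a deployed `ApprovalProbe` passes only if the three boundary cases behave as commented; the same probe pattern can be pointed at a fork of the real token to confirm how a vault constructor's `type(uint256).max` approvals would behave.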
