Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: high
Invalid

`GMXTrove` contract deployment will revert with `UNI` token

Summary

GMXTrove contract deployment will revert with UNI token.

Vulnerability Details

  • In the GMXVault contract: whenever a deposit or withdrawal is made by the user, a check is made to transfer any residual tokens locked in the vault to the GMXTrove contract, to prevent them from being considered part of the depositor's assets.

  • Each vault has a trove contract deployed for it, where the trove contract approves the vault on its tokenA & tokenB balance so that the vault can manage and compound them.

  • The protocol uses the UNI token as one of its vault tokens, and when the GMXTrove contract is deployed, it approves the vault with a type(uint256).max value on this token.

  • But UNI token doesn't support approvals of type(uint256).max and will revert when approving this value as it accepts a maximum allowance of type(uint96).max only.

Impact

Troves for vaults where either token is UNI will not be deployed.

Proof of Concept

GMXTrove.constructor

```solidity
constructor (address _vault) {
    vault = IGMXVault(_vault);
    GMXTypes.Store memory _store = vault.store();
    // Set token approvals for this trove's vault contract
    _store.tokenA.approve(address(vault), type(uint256).max);
    _store.tokenB.approve(address(vault), type(uint256).max);
}
```

Tools Used

Manual Review.

Recommendations

Check whether either token in the vault's pair is the UNI token, and use a maximum allowance of type(uint96).max when approving the vault.

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
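
Added example (not from the submission, Steadefi, or Uniswap): a simplified Solidity model of the allowance handling in the deployed UNI token, whose `approve` stores `type(uint96).max` when passed `type(uint256).max` and rejects only other values above 96 bits. `Mock96BitToken`, `TroveLike` and `RevertingCaller` are hypothetical names, and the pragma version and revert message are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of a token with 96-bit allowances (hypothetical mock,
// not the Uniswap source and not Steadefi code).
contract Mock96BitToken {
    mapping(address => mapping(address => uint96)) internal allowances;

    event Approval(address indexed owner, address indexed spender, uint256 amount);

    function allowance(address owner, address spender) external view returns (uint256) {
        return allowances[owner][spender];
    }

    function approve(address spender, uint256 rawAmount) external returns (bool) {
        uint96 amount;
        if (rawAmount == type(uint256).max) {
            // "Infinite" approval is stored as the largest 96-bit value.
            amount = type(uint96).max;
        } else {
            // Any other value must fit in 96 bits, otherwise the call reverts.
            require(rawAmount <= type(uint96).max, "amount exceeds 96 bits");
            amount = uint96(rawAmount);
        }
        allowances[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }
}

// Mirrors the approval pattern of the quoted constructor, with a single token.
contract TroveLike {
    constructor(Mock96BitToken token, address vault) {
        token.approve(vault, type(uint256).max);
        // Deployment reaches this point; the stored allowance is capped at 96 bits.
        assert(token.allowance(address(this), vault) == type(uint96).max);
    }
}

// Boundary case that does revert: above 96 bits but not the uint256 maximum.
contract RevertingCaller {
    function tryApprove(Mock96BitToken token, address spender) external returns (bool ok) {
        try token.approve(spender, uint256(type(uint96).max) + 1) returns (bool) {
            ok = true;
        } catch {
            ok = false; // expected path for this input
        }
    }
}
```

Deploying `TroveLike` against the mock succeeds, while `RevertingCaller.tryApprove` returns `false`; a deployment test for any new vault token can assert the resulting allowance in the same way.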
