Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: low
Invalid

`GMXVault` contract: no check that the underlyingAsset of the lendingVault matches the token used by the vault

Summary

GMXVault contract: no check that the underlyingAsset of the lendingVault matches the token used by the vault.

Vulnerability Details

When GMXVault is deployed, no check is made for either of the vault tokens to ensure that the lendingVault's underlyingAsset matches the token that is going to be used by the vault.

Impact

A redeployment of the vault will be needed if any of the lendingVaults is wrongly assigned, as the vault functions that interact with the lendingVault will not work.

Proof of Concept

GMXVault.constructor/L90-L91

_store.tokenALendingVault = ILendingVault(store_.tokenALendingVault);
_store.tokenBLendingVault = ILendingVault(store_.tokenBLendingVault);

Tools Used

Manual Review.

Recommendations

Add the following checks in the constructor before assigning the lendingVaults:

- _store.tokenALendingVault = ILendingVault(store_.tokenALendingVault);
- _store.tokenBLendingVault = ILendingVault(store_.tokenBLendingVault);
+ if(ILendingVault(store_.tokenALendingVault).asset() == _store.tokenA && ILendingVault(store_.tokenBLendingVault).asset()==_store.tokenB){
+ _store.tokenALendingVault = ILendingVault(store_.tokenALendingVault);
+ _store.tokenBLendingVault = ILendingVault(store_.tokenBLendingVault);
+ }else{
+ revert();
+ }
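
Review bot: the bare `revert();` in the `else` branch gives a deployer no way to tell which lending vault failed the match, because both comparisons are folded into a single condition. Consider checking the tokenA and tokenB lending vaults separately and reverting with a distinct reason or custom error for each (the error names would be new to the code base). The condition also reads `_store.tokenA` and `_store.tokenB`, so it only holds if those fields are already assigned at this point in the constructor, which these lines do not show; the ordering is worth confirming before merging.
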
Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
