Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Invalid

`GMXVault.updateMinSlippage` function: no lower bound check on `_store.minSlippage`

Summary

GMXVault.updateMinSlippage function: no lower bound check on _store.minSlippage.

Vulnerability Details

In GMXVault, the value `_store.minSlippage` represents the minimum slippage amount for adding/removing liquidity and for swaps when interacting with the GMX exchange router; it acts as a protection so that users do not lose their assets to MEV or sandwich attacks.

  • So if this value is set to a very high value, then almost all transactions made to the GMX exchange router will be cancelled.

Impact

But if this value is set to a very low value, zero for example, then users will lose their assets if the transaction they made is front-run by an MEV bot.

Proof of Concept

GMXVault.updateMinSlippage function/L656-L659

function updateMinSlippage(uint256 minSlippage) external onlyOwner {
    _store.minSlippage = minSlippage;
    emit MinSlippageUpdated(minSlippage);
}

Tools Used

Manual Review.

Recommendations

Add a lower bound and an upper bound check for this value before assigning/updating it.
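
One way the recommended check could look, as an added example that is not Steadefi's code and not part of the original submission. The contract name `BoundedSlippageConfig`, the basis-point unit and the floor/ceiling values are assumptions chosen for illustration; only `updateMinSlippage`, `minSlippage`, `onlyOwner` and `MinSlippageUpdated` come from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Added illustration, not Steadefi code: a stand-alone contract that mirrors
// only the owner-gated setter quoted above. Bounds and unit are assumptions.
contract BoundedSlippageConfig {
    // Assumed unit: basis points (1e4 = 100%). Assumed policy window: 0.1% to 5%.
    uint256 public constant MIN_SLIPPAGE_FLOOR = 10;
    uint256 public constant MIN_SLIPPAGE_CEILING = 500;

    address public immutable owner;
    uint256 public minSlippage;

    event MinSlippageUpdated(uint256 minSlippage);

    error NotOwner();
    error MinSlippageOutOfBounds(uint256 requested, uint256 floor, uint256 ceiling);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(uint256 initialMinSlippage) {
        owner = msg.sender;
        _setMinSlippage(initialMinSlippage); // the deploy-time value is validated too
    }

    function updateMinSlippage(uint256 newMinSlippage) external onlyOwner {
        _setMinSlippage(newMinSlippage);
    }

    // Single write path so no caller can bypass the range check.
    function _setMinSlippage(uint256 value) private {
        // Too low (e.g. 0) removes the protection; too high makes most
        // router requests get cancelled, per the finding's description.
        if (value < MIN_SLIPPAGE_FLOOR || value > MIN_SLIPPAGE_CEILING) {
            revert MinSlippageOutOfBounds(value, MIN_SLIPPAGE_FLOOR, MIN_SLIPPAGE_CEILING);
        }
        minSlippage = value;
        emit MinSlippageUpdated(value);
    }
}
```

Declaring the bounds as constants means widening the window requires a code change rather than another owner transaction, and the custom error carries the rejected value so a monitoring job can flag out-of-range attempts from reverted transactions.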

Updates

Lead Judging Commences

hans Lead Judge over 1 year ago
Submission Judgement Published
Validated
Assigned finding tags:

Centralization Risk

Impact: High
Likelihood: Low
Centralization risk is regarded a known issue. This tag will include all submissions:
  • Admin setter functions without validations

hans Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

Centralization Risk

