Steadefi

DeFiHardhatFoundryOracle

35,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Undercollateralization due to insufficient swap amounts in processDepositFailure()

hunter_w3b

Summary

The swap amounts calculated in processDepositFailure() to repay borrowed assets do not validate the amounts are sufficient after accounting for swap slippage.This can cause the contract to become undercollateralized if the swap amounts are too low due to incorrect slippage calculations or unfavorable market movements, and the contract is unable to fully repay debts.

Vulnerability Details

Reproduction Steps:

A deposit is created, borrowing tokens
Deposit fails and processDepositFailure is called
Swap amounts are calculated without checking balance covers repayment
Swap occurs but results in insufficient balance to fully repay
Contract is now undercollateralized

Impact

Funds may be permanently lost if GMX liquidates collateral below liabilities.
Contract invariant of being overcollateralized is broken

Tools Used

Manual Review

Recommendations

Validate swap amounts factor in max slippage to always fully cover repayment.
Revert failure handling if swap amounts can't fully repay

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago

Submission Judgement Published

Invalidated

Reason: Lack of quality

Prize pool breakdown

Total prize

35,000 USDC

nSLOC

2,289

15 USDC / LOC

High Medium

33,000 USDC

Low

2,000 USDC

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.