Steadefi

DeFi, Hardhat, Foundry, Oracle
35,000 USDC
Submission Details
Severity: medium
Valid

Repayment Failure May Leave Borrow Position Intact

Summary

The emergencyClose() function calls repay() to unwind the borrow position, but does not validate that the repayment completed successfully.

Vulnerability Details

If repay() reverts or fails to fully repay the borrowed assets for any reason, the contract state and borrow would be left in an inconsistent, partially repaid state.

GMXManager.repay(
    self,
    _rp.repayTokenAAmt,
    _rp.repayTokenBAmt
);

Reproduction Steps:

  1. Call emergencyClose() during an exploit of repay()

  2. repay() reverts or does not fully repay amounts

  3. Function does not detect repay() failure

  4. Borrow position remains outstanding

Impact

The borrower could retain access to the loaned assets after an attempted close.

Tools Used

Manual Review

Recommendations

Validate repay() executes fully by checking borrow balances are zeroed. Revert state on any validation failures to avoid partial closures leaving funds exposed.
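
One way to express the recommended post-condition check, as an added example that is not Steadefi's code. The ILendingVault interface, its debtOf() view, the EmergencyCloseGuard contract and the DebtOutstanding error are hypothetical names assumed for illustration, and the vault is assumed to pull repayment tokens under an allowance set elsewhere.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

// Hypothetical minimal lending interface, assumed for this example only.
interface ILendingVault {
    function repay(uint256 amount) external;
    function debtOf(address borrower) external view returns (uint256);
}

contract EmergencyCloseGuard {
    ILendingVault public immutable lendingA;
    ILendingVault public immutable lendingB;
    address public immutable owner;

    error NotOwner();
    error DebtOutstanding(address lendingVault, uint256 remaining);

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    constructor(ILendingVault a, ILendingVault b) {
        lendingA = a;
        lendingB = b;
        owner = msg.sender;
    }

    // Repay both legs, then assert that no debt remains on either one.
    // A failed check reverts the transaction, which also undoes both
    // repay() calls, so the position is never left partially closed.
    function emergencyClose(uint256 repayTokenAAmt, uint256 repayTokenBAmt)
        external
        onlyOwner
    {
        lendingA.repay(repayTokenAAmt);
        lendingB.repay(repayTokenBAmt);
        _requireNoDebt(lendingA);
        _requireNoDebt(lendingB);
    }

    // Post-condition: this contract's outstanding borrow must be exactly zero.
    function _requireNoDebt(ILendingVault v) private view {
        uint256 remaining = v.debtOf(address(this));
        if (remaining != 0) revert DebtOutstanding(address(v), remaining);
    }
}
```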

Updates

Lead Judging Commences

hans Lead Judge almost 2 years ago
Submission Judgement Published
Validated
Assigned finding tags:

Not enough token to repay the debt on emergencyClose

Impact: Medium
Likelihood: Low
The keepers can send tokens directly before closing. Will leave for a sponsor's review but likely to invalidate.
