Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

tx.origin shouldn’t be used for authentication

0xmilenov

Context

GmxProxy.sol

Summary

The setPerpVault function in the GmxProxy contract improperly uses tx.origin for ownership verification. This authentication method is insecure because an attacker can exploit it through a phishing attack, tricking the contract owner into unknowingly approving a malicious vault address. This can lead to user funds being redirected to a malicious vault.

Vulnerability Details

function setPerpVault(address _perpVault, address market) external {
require(tx.origin == owner(), "not owner");
require(_perpVault != address(0), "zero address");
require(perpVault == address(0), "already set");
perpVault = _perpVault;
gExchangeRouter.setSavedCallbackContract(market, address(this));
}

Issue: tx.origin Should Not Be Used for Authentication

tx.origin can be manipulated by an attacker who tricks the contract owner into calling a malicious contract. This allows unauthorized updates to the perpetual vault, leading to fund redirection.

More helpful information:

Impact

  • Funds can be redirected to an attacker's vault.

  • Loss of control over the perpetual vault.

Tools Used

  • Manual review

Recommendations

Replace tx.origin with the onlyOwner modifier.

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid_tx-origin

Lightchaser: Medium-5

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.