DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Loss of discount because referralCode is set to bytes(0)

Summary

GMX has 3 tiers for referrals:

Tier 1: 5% discount for traders, 5% rebates to affiliate

Tier 2: 10% discount for traders, 10% rebates to affiliate

Tier 3: 10% discount for traders, 15% rebates to affiliate paid in ETH / AVAX, 5% rebates to affiliate paid in esGMX

By setting the referralCode as a constant equal to bytes(0), the protocol does not receive any discount from GMX. Consequently, anyone can create a Tier 1 code, resulting in a minimum fee loss of 5% for the protocol on actions such as increasing positions, decreasing positions, and opening/closing positions.

Vulnerability Details

The referral code being hardcoded to bytes(0) disables the discount mechanism provided by GMX’s referral system.

This means:

  • The protocol loses the discount that would normally reduce trading fees.

Impact

Loss for the protocol, and ultimately users have to pay more.

Tools Used

Manual Review

Recommendations

Do not make the referral value a constant; instead, create a function that can set the referral value.

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.