Zero Acceptable Price Configuration
Summary
A critical vulnerability exists due to the hardcoded acceptablePrice parameter being set to 0 in the settle function. This dangerous configuration allows position settlements to execute at any market price, including near-zero values, enabling complete collateral liquidation under adverse market conditions. The flaw fundamentally compromises position safety guarantees.
Vulnerability Details
Affected Code
Price Validation Bypass:
Setting acceptablePrice = 0 disables price validation checks in GMX's order execution system, violating the basic principle of price-protected settlements.
Impact
Tha variable acceptablePrice is meaning less. It will bypass all the price.
Tools Used
Manual review
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.