Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: medium

Valid

Incorrect Deposit Limit Management After GMX Liquidations Blocks New Deposits

dliteofficial

Vulnerability Details

There is a logical error in the PerpetualVault.sol contract which causes the totalDepositAmount to be inflated and not reduced properly when positions are liquidated on GMX. When a liquidation occurs (partial or complete), the collateral balance of the position on GMX is reduced, but the contract fails to decrease its totalDepositAmount accordingly.

function afterLiquidationExecution() external {

if (msg.sender != address(gmxProxy)) {

revert Error.InvalidCall();

}

depositPaused = true;

uint256 sizeInTokens = vaultReader.getPositionSizeInTokens(curPositionKey);

if (sizeInTokens == 0) {

delete curPositionKey;

}

if (flow == FLOW.NONE) {

flow = FLOW.LIQUIDATION;

nextAction.selector = NextActionSelector.FINALIZE;

} else if (flow == FLOW.DEPOSIT) {

flowData = sizeInTokens;

} else if (flow == FLOW.WITHDRAW) {

// restart the withdraw flow even though current step is FINALIZE.

nextAction.selector = NextActionSelector.WITHDRAW_ACTION;

}

This mismatch creates a significant problem because the totalDepositAmount is used to determine how much can be deposited into the contract. Since liquidations reduce the actual collateral without updating the tracked amount, the contract maintains an artificially high totalDepositAmount. This effectively reduces the amount of new tokens that can be deposited into the contract, as the system believes more funds are deposited than actually exist.

Proof of Concept

Initial state:
- Contract has totalDepositAmount = 90000 USDC
- Maximum Deposit = 100000 USDC
Position gets liquidated on GMX:
- GMX position reduced to 0
- Contract's totalDepositAmount remains at 90000 USDC incorrectly meaning the maximum that can be deposited into the contract is 10000 USDC.

Impact

New deposits are limited by the incorrect totalDepositAmount

Recommendation

Update the totalDepositAmount when handling liquidations from GMX. This ensures the deposit limit accurately reflects the actual amount of collateral in the system after liquidations.

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_total_liquidation_does_not_change_totalDepositAmount

Likelihood: Low/Medium, when the position is fully liquidated and the vault is full. Impact: High, _transferToken never called when the withdrawn amount is 0 on a deposit. DoS the deposit when the max cap is reached.

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.