Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: high
Invalid

Compounding vulnerability bypasses deposit limits in PerpetualVault

bladesec

Title

Compounding vulnerability bypasses deposit limits in PerpetualVault

Summary

The PerpetualVault contract allows users to bypass deposit limits through the compounding mechanism. This could lead to positions growing beyond intended size, increasing the risk of severe liquidations and destabilizing the system.

Vulnerability Details

The runNextAction function in PerpetualVault.sol handles compounding without checking the maxDepositAmount. Here's the relevant code:

function runNextAction(MarketPrices memory prices, bytes[] memory metadata) external nonReentrant gmxLock {
...
} else if (positionIsClosed == false && _isFundIdle()) {
flow = FLOW.COMPOUND;
if (_isLongOneLeverage(beenLong)) {
_runSwap(metadata, true, prices);
} else {
(uint256 acceptablePrice) = abi.decode(metadata[0], (uint256));
_createIncreasePosition(beenLong, acceptablePrice, prices);
}
}
...

Regular deposits are restricted by maxDepositAmount:

function deposit(uint256 amount) external nonReentrant payable {
if (amount < minDepositAmount) {
revert Error.InsufficientAmount();
}
if (totalDepositAmount + amount > maxDepositAmount) {
revert Error.ExceedMaxDepositCap();
}

However, the compounding process skips these checks, allowing positions to exceed maxDepositAmount.

Impact

The intended purpose of maxDepositAmount to limit the total size of positions is compromised.

Tools Used

Manual code review

Recommendations

Add a check during compounding to ensure the total position size does not exceed maxDepositAmount.

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.