DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Lack of slippage protection in GMX order execution


Summary

The system currently executes orders without proper safeguards against slippage, which could lead to unfavorable execution prices and significant financial losses for users.

Vulnerability Details

The function _createIncreasePosition in PerpetualVault.sol builds the GMX order shown below without any slippage bound on its output amount.

PerpetualVault.sol (lines 872-884)

    IGmxProxy.OrderData memory orderData = IGmxProxy.OrderData({
        market: market,
        indexToken: indexToken,
        initialCollateralToken: address(collateralToken),
        swapPath: new address[](0),
        isLong: _isLong,
        sizeDeltaUsd: sizeDelta,
        initialCollateralDeltaAmount: 0,
        amountIn: amountIn,
        callbackGasLimit: callbackGasLimit,
        acceptablePrice: acceptablePrice,
        minOutputAmount: 0
    });

  • The minOutputAmount parameter is hardcoded to 0, allowing the order to execute at any output amount, even one significantly worse than expected.

  • There is no mechanism to limit the maximum acceptable price slippage, which could result in orders executing at unfavorable rates.

To demonstrate the issue, consider this test scenario:

    function testLackOfSlippageProtection() public {
        // ... setup code ...

        // Simulate a 20% drop in price between order creation and execution
        uint256 oldPrice = 2000 * 1e18;
        uint256 newPrice = 1600 * 1e18;

        // ... execute order without slippage protection ...

        // Expected outcome: user incurs significant losses due to bad execution
    }

This test shows how the lack of slippage protection could result in large losses for users if prices move unfavorably before execution.

Impact

  • Users are at risk of incurring unexpected and substantial losses due to poor execution prices.

  • The protocol is vulnerable to market manipulation, as attackers could exploit this weakness to force unfavorable order executions.

  • Repeated instances of bad execution prices could harm user trust and the overall reputation of the protocol.

Tools Used

  • Manual review

  • Foundry testing framework

Recommendations

To mitigate this issue, implement the following changes:

  1. Introduce a slippage protection system that adjusts based on market conditions.

  2. Calculate minOutputAmount dynamically using the expected execution price and a reasonable slippage threshold (e.g., 1%-3%).

  3. Allow users to set their own acceptable slippage limits when creating orders.

By addressing this vulnerability, the protocol can provide better protection for users and reduce the risk of significant financial losses.
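As an added example (not code from PerpetualVault, the GMX contracts, or this report), the following Python model covers both the order snippet in Vulnerability Details and recommendation 2 above: it shows how the acceptablePrice field of the OrderData struct bounds the execution price of increase/decrease position orders, how a vault could derive that bound from an oracle price and a basis-point tolerance, and how a review check can flag an order whose bound is effectively disabled. The direction rule, the sentinel values, the 20%-drop scenario and the field names beyond those in the snippet are assumptions of the model.

```python
# Added example (not PerpetualVault or GMX code): a model of the acceptablePrice
# bound that protects increase/decrease position orders against slippage, and a
# review check that flags orders submitted with the bound effectively disabled.
# Prices use 18 decimals like the report's test scenario (2000e18 -> 1600e18).
from dataclasses import dataclass

BPS = 10_000
NO_BOUND_LOW = 0            # assumed sentinel that disables a "price >= bound" check
NO_BOUND_HIGH = 2**256 - 1  # assumed sentinel that disables a "price <= bound" check


@dataclass
class OrderData:
    # Field names follow the OrderData struct in the report; other fields omitted.
    is_long: bool
    is_increase: bool
    acceptable_price: int
    min_output_amount: int = 0   # kept only to show it is never read below


def wants_low_price(is_long: bool, is_increase: bool) -> bool:
    """Direction rule assumed by this model: opening a long or closing a short
    buys exposure and wants a LOW price; closing a long or opening a short
    sells exposure and wants a HIGH price."""
    return is_long == is_increase


def acceptable_price(oracle_price: int, slippage_bps: int,
                     is_long: bool, is_increase: bool) -> int:
    """Worst price the order tolerates, derived from an oracle price and a
    tolerance in basis points (recommendation 2 of the report, applied to
    acceptablePrice rather than minOutputAmount)."""
    if wants_low_price(is_long, is_increase):
        return oracle_price * (BPS + slippage_bps) // BPS   # cap from above
    return oracle_price * (BPS - slippage_bps) // BPS       # floor from below


def price_is_acceptable(execution_price: int, order: OrderData) -> bool:
    """Execution-time check: run the order only if the price is on the right
    side of acceptablePrice. min_output_amount plays no part in this decision."""
    if wants_low_price(order.is_long, order.is_increase):
        return execution_price <= order.acceptable_price
    return execution_price >= order.acceptable_price


def has_slippage_protection(order: OrderData) -> bool:
    """Review check: an order whose acceptablePrice is the sentinel for its
    direction would execute at any price, which is the failure the report
    describes (though the report attributes it to minOutputAmount)."""
    wants_low = wants_low_price(order.is_long, order.is_increase)
    sentinel = NO_BOUND_HIGH if wants_low else NO_BOUND_LOW
    return order.acceptable_price != sentinel


def scenario(oracle_price: int, execution_price: int, slippage_bps: int) -> dict:
    """Run all four position directions through one price move and report
    which orders would still execute under the given tolerance."""
    out = {}
    for is_long in (True, False):
        for is_increase in (True, False):
            bound = acceptable_price(oracle_price, slippage_bps, is_long, is_increase)
            order = OrderData(is_long, is_increase, bound)
            side = "long" if is_long else "short"
            kind = "increase" if is_increase else "decrease"
            out[f"{side}_{kind}"] = price_is_acceptable(execution_price, order)
    return out


if __name__ == "__main__":
    e18 = 10**18
    # Constructed scenario: 1% tolerance, price drops 20% before execution.
    for name, executes in scenario(2000 * e18, 1600 * e18, 100).items():
        print(f"{name:15s} {'executes' if executes else 'rejected'}")
    unprotected = OrderData(is_long=True, is_increase=False, acceptable_price=NO_BOUND_LOW)
    print("long decrease with acceptablePrice=0 protected?",
          has_slippage_protection(unprotected))
```

Under the report's 20% drop, the long-increase and short-decrease orders execute because a lower price is better for a buyer, while the long-decrease and short-increase orders are rejected by their 1% floor; the same drop passes unconditionally once acceptablePrice is set to the sentinel, which is the condition a reviewer should actually look for in an order builder.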

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_gmx_increase/decrease_no_slippage

acceptablePrice does that job for increase/decrease positions. https://github.com/gmx-io/gmx-synthetics/blob/caf3dd8b51ad9ad27b0a399f668e3016fd2c14df/contracts/order/BaseOrderUtils.sol#L276C49-L276C66
