Withdrawal process can stall due to missing retry mechanism
Title
Withdrawal process can stall due to missing retry mechanism
Summary
The settlement process in the withdrawal flow may fail if gmxProxy.settle reverts because the contract lacks sufficient ETH to cover fees. Without a retry mechanism, the process gets stuck, preventing users from withdrawing funds or taking other actions.
Vulnerability Details
The withdrawal function calls _settle() to handle fees and debts before processing the withdrawal. If gmxProxy.settle reverts due to insufficient contract balance, the process fails without recovery.
If gmxProxy.settle() reverts, the withdrawal process remains incomplete, leaving users unable to proceed.
Impact
Users face significant operational disruption, unable to withdraw funds or perform other actions, as the contract remains in a stuck state.
Tools Used
Manual Review
Recommendations
Add a retry mechanism to handle failed gmxProxy.settle() calls to prevent process failures and ensure smooth contract operation.
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.