Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: medium
Invalid

Infinite retry loop could lock funds in PerpetualVault

bladesec

Title

Infinite retry loop could lock funds in PerpetualVault

Summary

The afterOrderCancellation function could cause an infinite retry loop if a GMX swap fails, potentially locking user funds and creating a denial-of-service risk.

Vulnerability Details

The issue occurs in the afterOrderCancellation function of PerpetualVault.sol. If a market swap fails, the contract will keep retrying the swap without any limits. This can happen if there's poor liquidity, incorrect price settings, or oracle issues. The problem is clear in this code:

PerpetualVault.sol
605: } else if (orderType == Order.OrderType.MarketSwap) {
606: // If GMX swap fails, retry in the next action.
607: nextAction.selector = NextActionSelector.SWAP_ACTION;
608: // abi.encode(swapAmount, swapDirection): if swap direction is true, swap collateralToken to indexToken
609: nextAction.data = abi.encode(swapProgressData.remaining, swapProgressData.isCollateralToIndex);
610: }

The function automatically retries failed swaps without stopping, which can lock user funds indefinitely.

Impact

Users can't access their funds because the contract is stuck retrying.

Tools Used

Manual Review

Recommendations

To fix this issue, consider set a retry limit.

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Design choice

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.