ExecutionFees is not refunded when user withdraws when the positionIsClosed
Summary
withdrawers are forced to pay the executionFees even though the positionIsClosed (currentPositionKey == 0 ) and no GMX call is needed.
Vulnerability Details
When a user tries to withdraw his shares when the positionIsClosed , there are no calls to GMX done but still paying the executionFees.
Since ,in _withdraw() there is no effort made to refund the executionFees , the users lose those fonds forever.
in the => code , false is passed as the refundFees parameter and hence no refund is done when the positionIsClosed.
Same bug can be seen ,when the vault is completely liquidated.code
Impact
ExecutionFees is not refunded when user withdraws when the positionIsClosed
Tools Used
Manual
Recommendations
change to
_handleReturn(0, true, true);
Lead Judging Commences
invalid_withdraw_positionIsClosed_does_not_refund_fees
No fee needed in _payExecutionFee when position is closed. Make a PoC if you disagree.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.