Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Lack of Input Validation in GmxProxy.sol

luffy

Summary

The GmxProxy.sol contract lacks proper input validation when interacting with GMX. This could allow malicious actors to pass invalid parameters, leading to unexpected behavior or loss of funds.

Vulnerability Details

The executeOrder function in GmxProxy.sol does not validate the order parameter, which could lead to invalid orders being executed on GMX

function executeOrder(Order memory order) external onlyKeeper {
IGmxVault(gmxVault).executeOrder(order);
}

Impact

An attacker could pass a malformed order object, causing the protocol to execute unintended trades or fail unexpectedly

Tools Used

Manual code review

Recommendations

Add input validation to ensure that the order object is properly structured and contains valid data

function executeOrder(Order memory order) external onlyKeeper {
require(order.collateralToken != address(0), "Invalid collateral token");
require(order.sizeDelta > 0, "Invalid size delta");
require(order.acceptablePrice > 0, "Invalid acceptable price");
IGmxVault(gmxVault).executeOrder(order);
}
Updates

Lead Judging Commences

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.