Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Indirect Call Exploitation via tx.origin in GmxProxy::setPerpVault

ghufranhassan1

Summary

tx.origin is a global variable in Solidity that returns the address of the account that sent the transaction but it is discouraged due to previous attacks

function setPerpVault(address _perpVault, address market) external {

require(tx.origin == owner(), "not owner");

require(_perpVault != address(0), "zero address");

require(perpVault == address(0), "already set");

perpVault = _perpVault;

gExchangeRouter.setSavedCallbackContract(market, address(this));

}

Vulnerability Details

tx.origin returns the original external account that initiated the transaction, even if the transaction passes through multiple contracts. This can be exploited in phishing attacks where a user is tricked into initiating a transaction through a malicious contract that then calls your contract.

Impact

Using tx.origin deviates from best practices in Solidity development, which recommend using msg.sender for access control.

The function is designed to set perpVault only once. If tx.origin is exploited to set an incorrect address, it cannot be changed, potentially locking the contract into an incorrect state.

Tools Used

Manual Review

Recommendations

Replace tx.origin with msg.sender to ensure that only the direct caller of the function is considered for access control

function setPerpVault(address _perpVault, address market) external {

require(msg.sender == owner(), "not owner");//Changed from tx.origin to msg.sender

require(_perpVault != address(0), "zero address");

require(perpVault == address(0), "already set");

perpVault = _perpVault;

gExchangeRouter.setSavedCallbackContract(market, address(this));

}

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

invalid_tx-origin

Lightchaser: Medium-5

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.