Liquidity Management

Details:
The GMProxy contract includes a setMinEth function that allows the owner to set the minimum ETH balance (minEth). However, this function does not validate the input value, meaning that the owner can set minEth to any arbitrary value. Without bounds, setting minEth too low or too high could result in unintended behavior during order creation and execution. For example, a value set too low might cause operations to proceed without sufficient gas funding, while a value set too high could incorrectly signal that the contract's balance is insufficient, blocking normal functionality.

Note: The README states that the default value for minEth is 0.002.

Root Cause:
The root cause is the absence of input validation in the setMinEth function. The function directly assigns the provided _minEth value to the state variable without checking whether it falls within a reasonable range.

Impact:

• Operational Disruption:

  • Too Low: If minEth is set too low, the contract might attempt to process operations with an inadequate ETH buffer, potentially leading to failed transactions if gas costs are not met.

  • Too High: If minEth is set excessively high, the contract could continuously determine that it has insufficient ETH (via lowerThanMinEth()), thereby preventing the execution of orders.

• Risk of Misconfiguration:
  An owner error or a malicious actor (if the owner is compromised) could set minEth to values that disrupt normal operations.

• Overall Severity:
  While the vulnerability is low in severity, it can affect the reliability of transaction execution if misconfigured.

Recommendation:
Implement validation in the setMinEth function to enforce that the input value remains within an acceptable range. For example:

• Define reasonable lower and upper bounds (e.g., between 0.001 ether and 1 ether, though the actual range should be determined based on business requirements).

• Update the function to include a check, such as:

  function setMinEth(uint256 _minEth) external onlyOwner {

  require(_minEth >= 0.001 ether && _minEth <= 1 ether, "minEth out of acceptable range");

  minEth = _minEth;

  }

This change will prevent accidental or malicious misconfiguration of the minEth parameter.

Proof of Concept:

1. Setting minEth Too Low:

   • Call setMinEth(0) to set the minimum ETH requirement to zero.

   • When lowerThanMinEth() is called, it will always return false (since any balance will be greater than or equal to 0), potentially allowing operations to proceed even when the contract does not have a sufficient ETH buffer for execution.

2. Setting minEth Too High:

   • Call setMinEth(1000 ether) to set an excessively high minimum ETH requirement.

   • In this case, regardless of the actual ETH balance, lowerThanMinEth() will likely always return true, causing the contract to incorrectly flag its balance as insufficient and blocking order creation and execution.

These scenarios demonstrate how the lack of input validation can lead to unintended and potentially disruptive behaviors.