Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Lack of Active Flow Checks in Administrative State Override Function

m3dython

Details:
The setVaultState function in the PerpetualVault contract allows the owner to arbitrarily override the vault’s internal state—including the active flow, flow data, position parameters, and locks—without performing any validation checks (e.g., verifying that no active flow is in progress). Although this functionality is intended for emergency or administrative use, it opens up the possibility of misconfiguration. An owner may accidentally set an inconsistent or invalid state during an active operation, potentially leading to disrupted operations or funds becoming inaccessible.

Root Cause:
The absence of input validation and state consistency checks within the setVaultState function allows the owner to override vault state without ensuring that such overrides are safe. There is no safeguard to prevent the modification of critical states while a flow is active.

Impact:

  • Operational Disruption: Accidental overriding of valid states during an active process could cause the vault to enter an inconsistent state, halting further operations.

  • Risk of Funds Lock-up: Inconsistent state settings may lead to funds being locked or inaccessible to users.

  • Increased Administrative Risk: While the function is only callable by the owner, any error (or a compromised owner account) may have severe consequences for the vault’s operation.

Recommendation:

  • Add State Validation: Introduce additional checks in setVaultState (or create a separate override function) that verify the vault is in an idle state (e.g., flow == FLOW.NONE) before allowing state changes.

  • Implement Safeguards: Validate that the new state parameters are consistent with the expected state transitions.

  • Document Usage Clearly: Provide clear documentation and warnings about the risks associated with using this function to prevent accidental misuse.

Proof of Concept:

  1. Scenario Setup:

    • Assume the vault is in the middle of an active flow (i.e., flow != FLOW.NONE) processing a deposit or withdrawal.

  2. Execution:

    • The owner mistakenly calls setVaultState with parameters that reset flow to FLOW.NONE and modify other state variables (such as curPositionKey and beenLong).

  3. Outcome:

    • The vault’s state becomes inconsistent with the ongoing operations. As a result, subsequent interactions with the vault may fail, or funds may become locked because the system no longer correctly tracks the active flow.

Implementing additional checks would mitigate this risk by ensuring that state overrides can only occur under safe conditions.

Updates

Lead Judging Commences

n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Admin is trusted / Malicious keepers

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point. Keepers are added by the admin, there is no "malicious keeper" and if there is a problem in those keepers, that's out of scope. ReadMe and known issues states: " * System relies heavily on keeper for executing trades * Single keeper point of failure if not properly distributed * Malicious keeper could potentially front-run or delay transactions * Assume that Keeper will always have enough gas to execute transactions. There is a pay execution fee function, but the assumption should be that there's more than enough gas to cover transaction failures, retries, etc * There are two spot swap functionalies: (1) using GMX swap and (2) using Paraswap. We can assume that any swap failure will be retried until success. " " * Heavy dependency on GMX protocol functioning correctly * Owner can update GMX-related addresses * Changes in GMX protocol could impact system operations * We can assume that the GMX keeper won't misbehave, delay, or go offline. " "Issues related to GMX Keepers being DOS'd or losing functionality would be considered invalid."

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.