The `flow` variable, which is used to prevent user interactions while a flow is in progress, is not reset to none in the 1x leverage, DEX-only swap case at the `_runnext` function in the `Deposit` flow in `PerpetualVault.sol`.
The contract's execution flow is flawed when an off-chain keeper selects a DEX for swapping after a user deposits tokens for a long position (1x leverage and swap using only the DEX). The `finalize` function is not called in this scenario, leaving flow data uncleared. Consequently, all non-flow functions become inoperable, so the admin should call the `cancelFlow()` function, but that call also gets stuck when there is not enough collateral balance to refund the user, effectively halting the contract and creating a denial-of-service condition. This issue can be exploited to freeze the contract's functionality.
The failure to clear flow data leads to a denial-of-service condition before , as all non-flow functions become inoperable, effectively halting the contract's functionality.
Manual review
Clear the flow data by calling the `finalize` function after [mint](https://github.com/CodeHawks-Contests/2025-02-gamma/blob/main/contracts/PerpetualVault.sol#L1005).
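The pattern behind this finding, as an added example that is not code from `PerpetualVault.sol`: a simplified model of a flow lock in which one keeper branch mints and returns without clearing the lock, next to the corrected step. The contract and every name in it (`FlowLockModel`, `runNextBuggy`, `runNextFixed`, `_mint`, `_finalize`) are hypothetical and constructed for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model of a flow lock; constructed for illustration, all names hypothetical.
contract FlowLockModel {
    enum Flow { NONE, DEPOSIT }

    Flow public flow;                 // non-NONE blocks every new user action
    address public immutable keeper;
    mapping(address => uint256) public shares;
    address private pendingDepositor;
    uint256 private pendingAmount;

    error FlowInProgress();
    error NotKeeper();

    constructor(address keeper_) { keeper = keeper_; }

    modifier noFlow() { if (flow != Flow.NONE) revert FlowInProgress(); _; }
    modifier onlyKeeper() { if (msg.sender != keeper) revert NotKeeper(); _; }

    function deposit(uint256 amount) external noFlow {
        flow = Flow.DEPOSIT;
        pendingDepositor = msg.sender;
        pendingAmount = amount;
    }

    // Buggy keeper step: the DEX-only branch mints and returns with the lock still set,
    // so every later deposit() reverts with FlowInProgress.
    function runNextBuggy(bool dexOnly) external onlyKeeper {
        _mint();
        if (!dexOnly) _finalize();
    }

    // Hardened keeper step: every terminal branch clears the lock after minting.
    function runNextFixed(bool /* dexOnly */) external onlyKeeper {
        _mint();
        _finalize();
    }

    function _mint() private { shares[pendingDepositor] += pendingAmount; }

    function _finalize() private {
        delete pendingDepositor;
        delete pendingAmount;
        flow = Flow.NONE;
    }
}
```

A regression test for this class of bug asserts that `flow` is `NONE` after every path that completes a deposit, including the DEX-only one.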
Likelihood: Medium/High

- Leverage = 1x
- beenLong = True
- positionIsClosed = False
- Metadata → 1 length and Dex Swap

Impact: Medium/High, DoS on any new action before the admin uses setVaultState

Since this seems to be the most probable path for a 1x PerpVault, this one deserves a High.