Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: high

Invalid

Deposit operations are blocked after execution of Liquidation callback

damilolaedwards

Target

contracts/PerpetualVault.sol

Vulnerability Details

The afterLiquidationExecution function is a callback function which handles post-liquidation operations only callable by the gmxProxy contract. During the execution of this function, the depositPaused state variable is set to true, this implies that all subsequent deposit calls will fail until the variable is set to false, however, across the codebase, there’s no other logic that resets the value of the depositPaused back to false. By implication, this means once deposits are paused during liquidation handling, users would be unable to deposit until the the protocol owner steps in to manually reset the paused state.

function afterLiquidationExecution() external {

if (msg.sender != address(gmxProxy)) {

revert Error.InvalidCall();

}

depositPaused = true;

uint256 sizeInTokens = vaultReader.getPositionSizeInTokens(curPositionKey);

if (sizeInTokens == 0) {

delete curPositionKey;

}

if (flow == FLOW.NONE) {

flow = FLOW.LIQUIDATION;

nextAction.selector = NextActionSelector.FINALIZE;

} else if (flow == FLOW.DEPOSIT) {

flowData = sizeInTokens;

} else if (flow == FLOW.WITHDRAW) {

// restart the withdraw flow even though current step is FINALIZE.

nextAction.selector = NextActionSelector.WITHDRAW_ACTION;

}

PerpetualVault.afterLiquidationExecution

function deposit(uint256 amount) external nonReentrant payable {

_noneFlow();

if (depositPaused == true) {

revert Error.Paused();

}

PerpetualVault.deposit

Impact

Once a liquidation happens, the system ultimately blocks deposits, the protocol owner has to intervene to manually reset the state everytime this happens, this may go unnoticed for a long period of time thereby blocking users from depositing

Tools Used

Manual Review

Recommendations

Perform complete cleanups after liquidation, once the operation is complete, the depositPause state variable should be reset to false so all other operations can continue running smoothly.

Updates

Lead Judging Commences

n0kto Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.