wrong implement of settle.
Summary
here in the settle, we are not verifying whether the queue is Settle. we shouldn't call the settle with an already settled queue.
Vulnerability Details
function settle(
IGmxProxy.OrderData memory orderData
) external returns (bytes32) {
require(msg.sender == perpVault, "invalid caller");
require(msg.sender == perpVault, "invalid caller");
uint256 positionExecutionFee = getExecutionGasLimit(
Order.OrderType.MarketDecrease,
orderData.callbackGasLimit
) * tx.gasprice;
require(
address(this).balance >= positionExecutionFee,
"insufficient eth balance"
);
.........
bytes32 requestKey = gExchangeRouter.createOrder(params);
queue.requestKey = requestKey;
@>>queue.isSettle = true;
return requestKey;
Impact
wrong verification of settle.
Tools Used
Recommendations
verify that queue.isSettle! = true starting of settle function.
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.