DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Incorrect Share Calculation for First Depositor

Summary

The _mint function incorrectly calculates shares for the first depositor due to a hardcoded multiplier (1e8). Since different tokens have different decimal places, this results in incorrect share allocation for tokens with decimals other than 8.

Vulnerability Details

Affected Code in _mint Function

    if (totalShares == 0) {
        _shares = depositInfo[depositId].amount * 1e8;
    }

    function _mint(uint256 depositId, uint256 amount, bool refundFee, MarketPrices memory prices) internal {
        uint256 _shares;
        if (totalShares == 0) {
            _shares = depositInfo[depositId].amount * 1e8; // <---
        } else {
            uint256 totalAmountBefore;
            if (positionIsClosed == false && _isLongOneLeverage(beenLong)) {
                totalAmountBefore = IERC20(indexToken).balanceOf(address(this)) - amount;
            } else {
                totalAmountBefore = _totalAmount(prices) - amount;
            }
            if (totalAmountBefore == 0) totalAmountBefore = 1;
            _shares = amount * totalShares / totalAmountBefore;
        }
        depositInfo[depositId].shares = _shares; // <---
        totalShares = totalShares + _shares;
        if (refundFee) {
            uint256 usedFee = callbackGasLimit * tx.gasprice;
            if (depositInfo[counter].executionFee > usedFee) {
                try IGmxProxy(gmxProxy).refundExecutionFee(depositInfo[counter].owner, depositInfo[counter].executionFee - usedFee) {} catch {}
            }
        }
        emit Minted(depositId, depositInfo[depositId].owner, _shares, amount);
    }

  • This hardcoded 1e8 assumes all deposit tokens have 8 decimals.

  • However, the contract allows deposits in WETH (18 decimals), WBTC (8 decimals), LINK (18 decimals), and USDC (6 decimals).

  • For 18-decimal tokens (WETH, LINK), this causes over-minting of shares.

  • For 6-decimal tokens (USDC), this causes under-minting.

Allowing it to break this saying:

    struct DepositInfo {
        uint256 amount; // amount of deposit
        uint256 shares; // amount of share corresponding to deposit amount @not valid because of the present issue
        address owner; // depositor address
        uint256 executionFee; // execution fee
        uint256 timestamp; // timestamp of deposit
        address recipient; // address of recipient when withdrawing, which is set at the moment of withdrawal request
    }

Impact

  • First depositor using WETH or LINK will receive 10⁸ times more shares than intended, causing inflation.

  • First depositor using USDC will receive 10² times fewer shares, leading to unfair loss.

Tools Used

Manual code review

Recommendations

Normalize Deposits Using Token Decimals
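
The share arithmetic of the _mint code quoted in this submission, modelled in Python as an added example (not part of the submission or the project's code). It assumes one deposit token per vault and models PnL as a direct change to the vault's total amount; VaultModel, run, scenario and TINY are hypothetical names and all event data is constructed. It compares each depositor's redeemable amount under a first-mint multiplier of 1e8 and of 10^decimals.

```python
# Added illustration, not the project's code: integer model of the quoted
# _mint share arithmetic. Assumptions: one deposit token per vault, and PnL is
# modelled as a direct change to the vault's total amount.

class VaultModel:
    def __init__(self, first_mint_multiplier):
        self.k = first_mint_multiplier      # 1e8 in the quoted code
        self.total_shares = 0
        self.total_amount = 0               # raw token units
        self.shares = {}

    def mint(self, owner, amount):
        if self.total_shares == 0:
            minted = amount * self.k
        else:
            total_before = self.total_amount or 1   # "if (x == 0) x = 1"
            minted = amount * self.total_shares // total_before
        self.shares[owner] = self.shares.get(owner, 0) + minted
        self.total_shares += minted
        self.total_amount += amount
        return minted

    def claim(self, owner):
        # Pro-rata claim on the pool, in raw token units (rounds down).
        return self.shares[owner] * self.total_amount // self.total_shares


def run(multiplier, events):
    """events: ("mint", owner, raw_amount) or ("pnl", raw_delta); constructed."""
    vault = VaultModel(multiplier)
    for event in events:
        if event[0] == "mint":
            vault.mint(event[1], event[2])
        else:
            vault.total_amount += event[1]
    return {owner: vault.claim(owner) for owner in vault.shares}


def scenario(decimals):
    unit = 10 ** decimals
    return [("mint", "alice", 100 * unit), ("pnl", 10 * unit),
            ("mint", "bob", 55 * unit)]

# Constructed dust-sized case where rounding of later mints becomes visible.
TINY = [("mint", "alice", 3), ("pnl", 4), ("mint", "bob", 2)]

if __name__ == "__main__":
    for d in (6, 8, 18):
        print(d, run(10**8, scenario(d)), run(10**d, scenario(d)))
    print("tiny", run(1, TINY), run(10**8, TINY))
```

In this model the multiplier cancels out of every claim for the 6-, 8- and 18-decimal scenarios; it only changes how finely later mints round, which the TINY case shows with a multiplier of 1.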

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Appeal created
