Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Improper Use of tx.origin for Access Control

adig36

Summary

The setPerpVault function in GMXProxy.sol uses tx.origin to verify the caller's identity. This introduces a security risk where an attacker can trick the contract owner into executing a malicious transaction, potentially allowing unauthorized vault configuration.

Vulnerability Details

The function checks if tx.origin == owner().

tx.origin refers to the original externally owned account (EOA) that initiated the transaction, even if the call is made through an intermediate contract.
This allows an attacker to deploy a malicious contract and trick the owner into calling it. The malicious contract can then call setPerpVault, with tx.origin still being the owner, bypassing access controls.

Link to the code

Impact

Unauthorized modification of the perpetual vault address which potentially allows unauthorized access.
Potential loss of funds if the vault manages user deposits.

Tools Used

Manual Code Review

Recommendations

Replace tx.origin with msg.sender for access control:

require(msg.sender == owner(), "not owner");

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

invalid_tx-origin

Lightchaser: Medium-5

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.