Incorrect Gas Fee Calculation in GMXProxy contract
Summary
The createOrder and settle functions in the GMXProxy contract relies on tx.gasprice to calculate the execution fee which can lead to incorrect fee calculations due to EIP-1559 changes.
Vulnerability Details
With EIP-1559, gas pricing now consists of a base fee and a priority tip (maxPriorityFeePerGas). tx.gasprice may not reflect the true gas cost, leading to miscalculations and either excessive or insufficient fee allocations.\
Link for createOrder function
Link for settle function
Impact
Users may experience failed transactions or overpayment of execution fees.
If fees are underestimated, execution failures could impact order processing.
Tools Used
Manual Code Review
Recommendations
Instead of relying on on-chain values like tx.gasprice, consider integrating a reliable gas price oracle (for example, Chainlink Gas Price Feeds). This oracle would provide a robust measure of the current effective gas price (base fee + estimated priority fee) and help ensure that the execution fee is set correctly.
Lead Judging Commences
invalid_tx-gasprice_instable
The frontrunner won’t trigger "congestion" without a huge amount of transactions, and it will cost a lot. Moreover, the execution gas limit is overestimated to prevent such cases: ``` executionGasLimit = baseGasLimit + ((estimatedGasLimit + _callbackGasLimit) * multiplierFactor) / PRECISION; ``` The keeper won’t wait long to execute the order; otherwise, GMX would not be competitive.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.