DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Gas Price Manipulation in Execution Fee Calculation in createOrder() function

Summary

The contract calculates execution fees using tx.gasprice, which can be manipulated by miners/validators to inflate gas costs artificially, forcing excessive payment.

Vulnerability Details

• The execution fee is calculated as:

```solidity
uint256 positionExecutionFee = getExecutionGasLimit(orderType, orderData.callbackGasLimit) * tx.gasprice;
```

• Risk: Miners or validators can artificially increase tx.gasprice, making transactions exorbitantly expensive.

Impact

• Unnecessarily high transaction fees, leading to capital inefficiency.

• Can be exploited in front-running attacks, forcing users to overpay for orders.

Tools Used

• Manual Code Review

• Slither Static Analysis

Recommendations

• Use block.basefee instead of tx.gasprice to ensure fees are fair:

```solidity
uint256 positionExecutionFee = getExecutionGasLimit(orderType, orderData.callbackGasLimit) * block.basefee;
```

• Implement gas limit sanity checks before processing transactions.
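The following is an added illustration, not the audited project's code: a minimal contract that places the tx.gasprice-based fee from the finding next to the block.basefee variant recommended above, applies the gas-limit sanity checks the recommendation asks for, and uses the overestimated execution gas limit formula quoted in the judge's comment. The constructor parameters, PRECISION scale, maxCallbackGasLimit and maxGasPrice are assumptions introduced for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7; // block.basefee requires Solidity >= 0.8.7

/// Hypothetical example contract (not the audited code) contrasting the two
/// fee formulas discussed in this finding and adding sanity checks.
contract ExecutionFeeExample {
    uint256 public constant PRECISION = 1e4;       // assumed scale for multiplierFactor
    uint256 public immutable baseGasLimit;         // fixed overhead per order
    uint256 public immutable estimatedGasLimit;    // estimated gas to execute the order
    uint256 public immutable multiplierFactor;     // e.g. 12_000 => 1.2x overestimate
    uint256 public immutable maxCallbackGasLimit;  // assumed bound on user-supplied callback gas
    uint256 public immutable maxGasPrice;          // assumed bound on the price used for fees

    constructor(
        uint256 _baseGasLimit,
        uint256 _estimatedGasLimit,
        uint256 _multiplierFactor,
        uint256 _maxCallbackGasLimit,
        uint256 _maxGasPrice
    ) {
        baseGasLimit = _baseGasLimit;
        estimatedGasLimit = _estimatedGasLimit;
        multiplierFactor = _multiplierFactor;
        maxCallbackGasLimit = _maxCallbackGasLimit;
        maxGasPrice = _maxGasPrice;
    }

    /// Overestimated execution gas limit, in the shape quoted by the judge,
    /// with a sanity check on the caller-controlled callback gas limit.
    function getExecutionGasLimit(uint256 _callbackGasLimit) public view returns (uint256) {
        require(_callbackGasLimit <= maxCallbackGasLimit, "callback gas limit too high");
        return baseGasLimit + ((estimatedGasLimit + _callbackGasLimit) * multiplierFactor) / PRECISION;
    }

    /// Variant from the finding: tx.gasprice is the effective gas price of the
    /// current transaction, i.e. base fee plus whatever priority fee its sender chose.
    function feeFromTxGasPrice(uint256 _callbackGasLimit) external view returns (uint256) {
        return getExecutionGasLimit(_callbackGasLimit) * tx.gasprice;
    }

    /// Recommended variant: block.basefee is derived by the protocol from the
    /// previous block's gas usage, so a single transaction cannot inflate it;
    /// the cap bounds the fee even during genuine congestion.
    function feeFromBaseFee(uint256 _callbackGasLimit) external view returns (uint256) {
        uint256 price = block.basefee;
        require(price <= maxGasPrice, "base fee above cap");
        return getExecutionGasLimit(_callbackGasLimit) * price;
    }
}
```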

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_tx-gasprice_instable

The frontrunner won’t trigger "congestion" without a huge amount of transactions, and it will cost a lot. Moreover, the execution gas limit is overestimated to prevent such cases:

```solidity
executionGasLimit = baseGasLimit + ((estimatedGasLimit + _callbackGasLimit) * multiplierFactor) / PRECISION;
```

The keeper won’t wait long to execute the order; otherwise, GMX would not be competitive.
