The contract calculates execution fees from tx.gasprice, the gas price attached to the executing transaction. That value is controlled by the sender of the executing transaction and rises with network congestion, which miners/validators influence; the contract applies it without any cap, so an artificially inflated gas price translates directly into an inflated fee and forces excessive payment.
• The execution fee is calculated as:
• Risk: an artificially high tx.gasprice makes order execution exorbitantly expensive for the user.
Impact:
• Unnecessarily high transaction fees, leading to capital inefficiency.
• Can be combined with front-running, forcing users to overpay for orders.
Tools used:
• Manual code review
• Slither static analysis
Recommended mitigation:
• Use block.basefee (available since Solidity 0.8.7 on chains implementing EIP-3198) instead of tx.gasprice as the cost basis, so the fee tracks the protocol-set base fee rather than a price chosen by the transaction sender, and bound any priority fee that is passed on to the user:
• Implement gas limit sanity checks before processing transactions, so an execution can never be billed for more gas than a known upper bound.
The frontrunner won’t trigger "congestion" without a huge amount of transactions, and it will cost a lot. Moreover, the execution gas limit is overestimated to prevent such cases:

```
executionGasLimit = baseGasLimit + ((estimatedGasLimit + _callbackGasLimit) * multiplierFactor) / PRECISION;
```

The keeper won’t wait long to execute the order; otherwise, GMX would not be competitive.
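As an added illustration (not GMX code, and not part of the finding or the reply above), the following minimal Solidity contract puts the pattern the finding describes (fee billed straight from tx.gasprice) beside the recommended shape (block.basefee plus a bounded tip, capped at what the user deposited), and reproduces the gas-limit overestimation formula quoted in the reply. The contract name, the constant names and their values, and the function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.7; // block.basefee requires 0.8.7+ and an EIP-3198 chain

/// Added example, not GMX code. All names and constant values are hypothetical.
contract ExecutionFeeExample {
    // Hypothetical precision scale for multiplierFactor (GMX's actual value is not assumed here).
    uint256 public constant PRECISION = 1e30;
    // Hypothetical cap on the priority fee (tip) a keeper may pass on to the user.
    uint256 public constant MAX_PRIORITY_FEE = 2 gwei;
    // Hypothetical upper bound used by the gas limit sanity check.
    uint256 public constant MAX_EXECUTION_GAS = 3_000_000;

    uint256 public immutable baseGasLimit;
    uint256 public immutable multiplierFactor;

    constructor(uint256 _baseGasLimit, uint256 _multiplierFactor) {
        baseGasLimit = _baseGasLimit;
        multiplierFactor = _multiplierFactor;
    }

    /// Reproduces the overestimation formula quoted in the reply: a base allowance plus the
    /// estimated and callback gas scaled by multiplierFactor / PRECISION.
    function executionGasLimit(uint256 estimatedGasLimit, uint256 callbackGasLimit)
        public
        view
        returns (uint256)
    {
        return baseGasLimit + ((estimatedGasLimit + callbackGasLimit) * multiplierFactor) / PRECISION;
    }

    /// The pattern the finding describes: the fee charged to the user tracks tx.gasprice with no
    /// cap, so whatever price the executing transaction carries is billed in full.
    function feeFromTxGasPrice(uint256 gasUsed) public view returns (uint256) {
        return gasUsed * tx.gasprice;
    }

    /// Recommended shape: price the gas at block.basefee plus a bounded priority fee, and never
    /// bill more than the executionFee the user deposited up front.
    function feeBounded(uint256 gasUsed, uint256 executionFeeDeposited) public view returns (uint256) {
        // tx.gasprice is the effective price (basefee + tip); isolate the tip and bound it.
        uint256 priorityFee = tx.gasprice > block.basefee ? tx.gasprice - block.basefee : 0;
        if (priorityFee > MAX_PRIORITY_FEE) {
            priorityFee = MAX_PRIORITY_FEE;
        }
        uint256 fee = gasUsed * (block.basefee + priorityFee);
        return fee > executionFeeDeposited ? executionFeeDeposited : fee;
    }

    /// Gas limit sanity check to run before an order is processed: the overestimated limit must
    /// stay under a known upper bound, so the fee it implies is bounded too.
    function validateGasLimit(uint256 estimatedGasLimit, uint256 callbackGasLimit)
        public
        view
        returns (uint256 limit)
    {
        limit = executionGasLimit(estimatedGasLimit, callbackGasLimit);
        require(limit <= MAX_EXECUTION_GAS, "execution gas limit too high");
    }
}
```

Calling feeFromTxGasPrice and feeBounded from the same executing transaction shows the difference directly: with a high tip attached, the first grows without limit, while the second is bounded by MAX_PRIORITY_FEE and by executionFeeDeposited. Note that block.basefee is still determined by prior-block gas usage, so the recommendation removes the sender-chosen component of the price rather than all congestion sensitivity.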