Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Failure to Ensure Sufficient ETH for Order Execution May Lead to Stuck or Canceled Orders

0x0107

Summary

The GmxProxy.createOrder() and settle() functions do not properly ensure that the contract has enough ETH to cover the execution gas fees for order processing on GMX.

If the contract does not have enough ETH, orders may be rejected, delayed, or canceled, leading to failed trades, unexpected liquidations, or missed arbitrage opportunities.

Vulnerability Details

// GmxProxy.sol, createOrder
uint256 positionExecutionFee = getExecutionGasLimit(
orderType,
orderData.callbackGasLimit
) * tx.gasprice;
require(address(this).balance >= positionExecutionFee, "insufficient eth balance");
// GmxProxy.sol, settle
uint256 positionExecutionFee = getExecutionGasLimit(
Order.OrderType.MarketDecrease,
orderData.callbackGasLimit
) * tx.gasprice;
require(address(this).balance >= positionExecutionFee, "insufficient eth balance");

Problems:

  1. ETH Depletion Can Cause Stuck Orders

    • If the contract does not have enough ETH, no orders will execute, preventing users from trading.

    • Users do not know if an order will be rejected until after submission.

  2. No Fallback Mechanism to Retry Execution

    • If an order is rejected due to low ETH, there is no way to retry execution without manually resubmitting the order.

  3. Can Cause Unexpected Liquidations

    • If an emergency liquidation requires ETH for execution but fails, positions may remain open and accumulate losses, leading to unexpected liquidations at worse prices.

  4. Lack of ETH Monitoring

    • There is no function to ensure the contract always maintains enough ETH for execution.

PoC

Exploit Scenario:

  1. The contract does not have enough ETH to cover order execution fees.

  2. A user submits an order, but the require(address(this).balance >= positionExecutionFee) check fails.

  3. The order does not execute, causing failed trades, missed arbitrage, or unnecessary liquidations.

// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;
import {Test} from "forge-std/Test.sol";
import {GmxProxy} from "../src/GmxProxy.sol";
import {IGmxProxy} from "../src/interfaces/IGmxProxy.sol";
contract GmxProxyExploitTest is Test {
GmxProxy gmxProxy;
address user = address(0x123);
address market = address(0x456);
function setUp() public {
gmxProxy = new GmxProxy();
vm.deal(address(gmxProxy), 0); // Ensure contract has 0 ETH
}
function testOrderFailsDueToLowETH() public {
vm.startPrank(user);
// Simulate order execution fee requirement
uint256 requiredFee = 0.05 ether;
vm.expectRevert("insufficient eth balance");
gmxProxy.createOrder(
IGmxProxy.OrderType.MarketIncrease, // Order type
IGmxProxy.OrderData({
market: market,
initialCollateralToken: address(0xAAA),
amountIn: 1 ether,
sizeDeltaUsd: 1000e18,
acceptablePrice: 2000e30,
minOutputAmount: 0,
callbackGasLimit: 200000
})
);
vm.stopPrank();
}
}

Impact

  • Users Cannot Execute Orders - If the contract runs out of ETH, no new trades can be placed.

  • Unexpected Liquidations - If liquidation orders fail due to low ETH, positions may not close in time, causing unexpected losses.

  • Missed Arbitrage Opportunities - Users relying on price movements may miss favorable execution windows if their orders fail.

Tools Used

Manual Review, Foundry

Recommendations

If an order fails due to insufficient ETH, allow users to retry execution without resubmitting manually.

Updates

Lead Judging Commences

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Users mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.