Hardcoded GMX peripheral contract addresses can lead to DoS
Summary
The VaultReader contract hardcodes GMX peripheral contract addresses.
The constructor sets _orderHandler, _dataStore, _orderVault, _reader and _referralStorage once:
Vulnerability Details
No function exists to update these addresses. If _orderHandler, _dataStore, _orderVault, _reader or _referralStorage need to change for any reason (e.g., contract upgrades, identified vulnerabilities, or protocol migrations), there is no built-in flexibility to do so.
Impact
The VaultReader contract serves as a convenient way to access and calculate various trading-related metrics without having to interact with multiple contracts directly.
The contract is useful for:
Front-end applications that need to display position and market information
Risk calculations before executing trades
Fee calculations
Position health checks
If any of the addresses change, it may lead to breaking of contract logic and every calls to VaultReader can be revert.
Tools Used
Manual review
Recommendations
Provide functions to update GMX peripheral contract addresses.(restricted to the contract owner)
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.