A critical security vulnerability has been identified in the GMXProxy contract that allows malicious actors to front-run order executions. The vulnerability stems from the contract's exposed market-based order execution mechanism, which lacks essential protections against MEV (Miner Extractable Value) bots. This vulnerability could result in significant financial losses for users and compromise the protocol's integrity.
The GMXProxy contract executes orders based on market conditions through the createOrder and settle functions, which are vulnerable to front-running attacks. The contract's current implementation:
- Exposed Order Execution
  - Orders are broadcasted to the public mempool before execution
  - Market conditions and order parameters are visible to all network participants
  - No protection mechanisms are implemented to prevent transaction reordering
- Vulnerable Functions
  - createOrder: Exposes market-based order execution parameters
  - settle: Reveals settlement intentions before execution
  - afterOrderExecution: Processes callbacks without privacy guarantees
The vulnerability exists due to three primary factors:
- Lack of Privacy Mechanisms
  - Tx data is publicly visible in the mempool
  - No encryption or privacy protection for order details
- Insecure Transaction Ordering
  - Dependence on public mempool for tx processing
  - No fairness guarantees in execution sequence
- Missing Protection Layers
  - No private transaction relays
The vulnerability poses significant risks to the protocol:
- Financial Risks
  - Potential losses
  - Risk of forced liquidations and unfair profit extraction
- Protocol Integrity
  - Compromise of fair market mechanisms
  - Loss of user trust in the protocol
  - Potential reputational damage
The vulnerability was identified through:
- Static Analysis
  - Code review of GMXProxy.sol contract
  - Analysis of transaction flow patterns
- Protocol Analysis
  - Review of market-based execution mechanisms
  - Analysis of transaction privacy features
  - Evaluation of protection mechanisms
To address this vulnerability, implement the following measures:
1. Integrate Flashbots or similar private transaction relays
2. Implement batch auctions for grouped executions
3. Implement off-chain order books for price discovery
4. Add multi-signature requirements for critical transactions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.