The run() function in the PerpetualVault contract relies on gmxProxy.lowerThanMinEth() to determine whether execution should proceed. However, this function is designed to return true when the contract’s ETH balance is below the minEth threshold. This causes the function logic to execute when there is insufficient ETH, leading to unexpected behavior and potential disruptions in key operations such as opening or modifying positions.
The vulnerability stems from an incorrect ETH balance check in the run function:
The function lowerThanMinEth() is implemented as follows:
This function evaluates whether the contract’s ETH balance is below minEth:
Returns true if address(this).balance < minEth
Returns false if address(this).balance >= minEth
The current check in run executes the logic when ETH is insufficient (balance < minEth), which is the opposite of the intended behavior. This incorrect condition leads to execution only when the contract has insufficient ETH, which can cause unintended failures or inefficient operations.
The function runs operations at the wrong time (when ETH is low instead of when it is available).
Manual Review
Modify the following check in the run function:
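A regression test that pins the polarity of this guard, as an added example that is not the PerpetualVault or gmxProxy source. ProxyModel, VaultModel, the LowerThanMinEth error, the runs counter and the 0.01 ether threshold are hypothetical stand-ins; the test assumes Foundry's forge-std.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical stand-in for the proxy, with the polarity described above:
// true means the balance is BELOW the threshold.
contract ProxyModel {
    uint256 public minEth = 0.01 ether; // constructed value

    function lowerThanMinEth() external view returns (bool) {
        return address(this).balance < minEth;
    }
}

// Hypothetical vault whose run() refuses to proceed while the proxy is underfunded.
contract VaultModel {
    error LowerThanMinEth();
    ProxyModel public immutable proxy;
    uint256 public runs;

    constructor(ProxyModel p) { proxy = p; }

    function run() external {
        if (proxy.lowerThanMinEth()) revert LowerThanMinEth(); // true == insufficient
        runs++;
    }
}

contract GuardPolarityTest is Test {
    ProxyModel proxy;
    VaultModel vault;

    function setUp() public {
        proxy = new ProxyModel();
        vault = new VaultModel(proxy);
    }

    function test_revertsJustBelowThreshold() public {
        vm.deal(address(proxy), proxy.minEth() - 1);
        vm.expectRevert(VaultModel.LowerThanMinEth.selector);
        vault.run();
    }

    function test_proceedsAtThreshold() public {
        vm.deal(address(proxy), proxy.minEth()); // balance == minEth is sufficient
        vault.run();
        assertEq(vault.runs(), 1);
    }
}
```

Testing both sides of the boundary catches an inverted condition as well as an off-by-one between < and <=.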