DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

`KeeperProxy::_check`: Chainlink price feeds are not guaranteed to always have 8 decimals

Summary

https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/KeeperProxy.sol#L193

The Chainlink price feeds used inside the KeeperProxy contract are assumed to always have 8 decimals when converting the price from Chainlink's format to GMX's price feed format.

For example, the PEPE/USD Arbitrum Chainlink price feed has 18 decimals: https://docs.chain.link/data-feeds/price-feeds/addresses?network=arbitrum&page=1&search=Pepe

PEPE/USDC is an available market on GMX V2: https://app.gmx.io/#/trade/long

Vulnerability Details

The contract uses a constant value when converting Chainlink price feeds to the GMX price feed format.

Impact

Most likely, `KeeperProxy::_check` will revert with "price offset too big" (https://github.com/CodeHawks-Contests/2025-02-gamma/blob/84b9da452fc84762378481fa39b4087b10bab5e0/contracts/KeeperProxy.sol#L194C5-L197C7), and it will then be impossible to open or close trades within that market.

Tools Used

Recommendations

Retrieve the decimals from the Chainlink price feed during initialization and store them in a mapping of priceFeedAddress --> decimals.
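The following is an added illustration of the recommended fix; it is not code from the Gamma/KeeperProxy repository. The feed's `decimals()` is read once at registration and cached in a `priceFeedAddress -> decimals` mapping, and the scaling to a fixed target precision uses the cached value instead of a constant 8. The hard-coded variant sits beside it for contrast. The 30-decimal target precision, the contract and function names, and the PEPE/USD figures in the comments are assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Minimal subset of the Chainlink aggregator interface used below.
interface AggregatorV3Interface {
    function decimals() external view returns (uint8);
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

/// Added example contract (not the project's KeeperProxy). It contrasts a
/// hard-coded 8-decimal assumption with scaling driven by the feed's own
/// decimals(), cached when the feed is registered.
contract FeedDecimalsExample {
    /// Target precision the normalised price is expressed in. The value 30 is an
    /// assumption for this example, not a figure taken from the Gamma or GMX code.
    uint256 public constant TARGET_DECIMALS = 30;

    struct FeedInfo {
        bool registered;
        uint8 decimals; // cached result of AggregatorV3Interface.decimals()
    }

    /// priceFeedAddress -> decimals, as the recommendation describes.
    mapping(address => FeedInfo) public feeds;
    address public immutable owner;

    error NotOwner();
    error FeedNotRegistered(address feed);
    error InvalidAnswer(int256 answer);

    constructor() {
        owner = msg.sender;
    }

    /// Read decimals() once and cache it; called when a market's feed is configured.
    function registerFeed(address feed) external {
        if (msg.sender != owner) revert NotOwner();
        feeds[feed] = FeedInfo({registered: true, decimals: AggregatorV3Interface(feed).decimals()});
    }

    /// Hardened conversion: scales by the cached decimals of this specific feed.
    function normalizedPrice(address feed) external view returns (uint256) {
        FeedInfo memory info = feeds[feed];
        if (!info.registered) revert FeedNotRegistered(feed);
        (, int256 answer,,,) = AggregatorV3Interface(feed).latestRoundData();
        if (answer <= 0) revert InvalidAnswer(answer);
        return scale(uint256(answer), info.decimals, TARGET_DECIMALS);
    }

    /// The pattern the report describes: every feed is assumed to have 8 decimals.
    /// Worked numbers (constructed): an 18-decimal PEPE/USD answer of 1e13 means
    /// 0.00001 USD, but scaling it as if it had 8 decimals reads it as 100000 USD,
    /// a value 1e10 times too large, which is the kind of offset a sanity check
    /// on the price would reject.
    function normalizedPriceAssuming8(address feed) external view returns (uint256) {
        (, int256 answer,,,) = AggregatorV3Interface(feed).latestRoundData();
        if (answer <= 0) revert InvalidAnswer(answer);
        return scale(uint256(answer), 8, TARGET_DECIMALS);
    }

    /// Rescale `value` from `fromDecimals` to `toDecimals` fixed-point precision.
    function scale(uint256 value, uint256 fromDecimals, uint256 toDecimals) public pure returns (uint256) {
        if (fromDecimals == toDecimals) return value;
        if (fromDecimals < toDecimals) return value * 10 ** (toDecimals - fromDecimals);
        return value / 10 ** (fromDecimals - toDecimals);
    }
}
```

`registerFeed` is the only place `decimals()` is called, so the per-price path costs one storage read rather than an external call, and a feed that was never registered fails closed with `FeedNotRegistered` instead of being silently scaled as an 8-decimal feed.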

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.

Appeal created

izuman Submitter 5 months ago
n0kto Lead Judge 5 months ago
n0kto Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
Assigned finding tags:

Suppositions
