DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Potential use of tx.origin for authentication.

Summary

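Using tx.origin for authentication can cause problems when users interact with the protocol through a smart contract, because tx.origin is always the externally owned account that started the transaction, not the immediate caller. It is recommended to use msg.sender for authentication.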

Vulnerability Details

Found in contracts/GmxProxy.sol, Line: 352

require(tx.origin == owner(), "not owner");

Impact

  • Vulnerability to phishing attacks

  • Potential contract manipulation through malicious intermediate contracts

  • Authentication bypass risks

Recommendations

  • Replace all tx.origin usage with msg.sender

  • Implement proper authentication checks

  • Add additional security layers for critical functions

  • Consider using OpenZeppelin's authentication patterns
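
The difference between the two checks, as an added example that is not code from GmxProxy.sol or from this submission. The contract and function names (OriginGuardDemo, Forwarder, setFeeOrigin, setFeeSender) are hypothetical, and the minimal owner() stands in for whatever ownership base the real contract uses.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: all names here are hypothetical and do not come from GmxProxy.sol.
contract OriginGuardDemo {
    address private immutable _owner;
    uint256 public fee;

    constructor() {
        _owner = msg.sender;
    }

    function owner() public view returns (address) {
        return _owner;
    }

    // Weak form, same check as the reported line: passes whenever the owner's
    // EOA started the transaction, whichever contract is the direct caller.
    function setFeeOrigin(uint256 newFee) external {
        require(tx.origin == owner(), "not owner");
        fee = newFee;
    }

    // Corrected form: only a direct call from the owner address passes.
    function setFeeSender(uint256 newFee) external {
        require(msg.sender == owner(), "not owner");
        fee = newFee;
    }
}

// Test fixture standing in for any contract that sits between the owner's
// transaction and the target. Call both functions from the owner's EOA.
contract Forwarder {
    function viaOrigin(OriginGuardDemo target, uint256 newFee) external {
        // Succeeds: tx.origin is still the owner's EOA.
        target.setFeeOrigin(newFee);
    }

    function viaSender(OriginGuardDemo target, uint256 newFee) external {
        // Reverts with "not owner": msg.sender seen by the target is this contract.
        target.setFeeSender(newFee);
    }
}
```

A unit test for the real contract can use the same shape: call the guarded function through a forwarding contract from the owner account and assert that it reverts.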

Updates

Lead Judging Commences

n0kto Lead Judge 3 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid_tx-origin

Lightchaser: Medium-5
