Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Use of tx.origin for Authorization

certikfire

Summary

The GmxProxy contract uses tx.origin for owner authorization in the setPerpVault function, which is an unsafe practice that could allow phishing attacks to bypass access controls.

Vulnerability Details

In GmxProxy.sol, the setPerpVault function uses tx.origin to verify the owner:

function setPerpVault(address _perpVault, address market) external {
require(tx.origin == owner(), "not owner"); // Unsafe use of tx.origin
require(_perpVault != address(0), "zero address");
require(perpVault == address(0), "already set");
perpVault = _perpVault;
gExchangeRouter.setSavedCallbackContract(market, address(this));
}

tx.origin refers to the original externally owned account (EOA) that initiated the transaction, rather than the immediate caller (msg.sender). This creates a vulnerability where an attacker could trick the owner into interacting with a malicious contract that then calls setPerpVault.

Impact

  • Medium severity

  • The vulnerability could allow an attacker to set an unauthorized perpVault address if they can trick the owner into interacting with a malicious contract

  • Since setPerpVault can only be called once and sets a core protocol component, this could potentially compromise the system's security

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

invalid_tx-origin

Lightchaser: Medium-5

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.