DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Valid

PerpetualVault Execution Fee Refund Issue

Summary

During the code review of the PerpetualVault smart contract, a potential issue was identified in the _cancelFlow() function regarding the execution fee refund mechanism. The current implementation refunds the full execution fee without accounting for the gas already consumed during the transaction execution.

Vulnerability Details

In the _cancelFlow() function, the execution fee refund is implemented as follows:

// Refund path in _cancelFlow(): the full stored executionFee is sent back,
// with no deduction for the gas already consumed by the flow.
try IGmxProxy(gmxProxy).refundExecutionFee(
    depositInfo[counter].owner,
    depositInfo[counter].executionFee
) {} catch {}

The issue is that this implementation:

  • Refunds the full executionFee amount

  • Does not deduct the gas already consumed (callbackGasLimit * tx.gasprice)

  • Is inconsistent with other refund implementations in the contract (e.g., in _mint() and _handleReturn())
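As an added illustration (not the project's code), a minimal Solidity sketch that places the refund pattern quoted above next to one that nets out the callback gas cost, the deduction the other refund paths are described as applying. The IGmxProxy interface shape, the DepositInfo layout and the callbackGasLimit state variable are assumptions for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed minimal shape of the proxy interface (example only, not the project's code).
interface IGmxProxy {
    function refundExecutionFee(address recipient, uint256 amount) external;
}

// Assumed layout of the per-deposit record used by the vault.
struct DepositInfo {
    address owner;
    uint256 executionFee; // fee the user prepaid for the GMX execution
}

contract CancelFlowRefundExample {
    IGmxProxy public immutable gmxProxy;
    uint256 public callbackGasLimit; // gas reserved for the GMX callback (assumed state var)
    mapping(uint256 => DepositInfo) public depositInfo;
    uint256 public counter;

    constructor(IGmxProxy _gmxProxy, uint256 _callbackGasLimit) {
        gmxProxy = _gmxProxy;
        callbackGasLimit = _callbackGasLimit;
    }

    // Pattern from the finding: refunds the full fee regardless of gas already spent.
    function _cancelFlowVulnerable() internal {
        try gmxProxy.refundExecutionFee(
            depositInfo[counter].owner,
            depositInfo[counter].executionFee
        ) {} catch {}
    }

    // Amount still refundable once the callback gas cost is charged against the fee.
    // The comparison avoids a checked-arithmetic revert when gas cost exceeds the fee.
    function _refundableFee(uint256 executionFee) internal view returns (uint256) {
        uint256 spent = callbackGasLimit * tx.gasprice;
        return executionFee > spent ? executionFee - spent : 0;
    }

    // Consistent variant: refund only the net amount, skip the call when nothing is owed.
    function _cancelFlowConsistent() internal {
        uint256 refund = _refundableFee(depositInfo[counter].executionFee);
        if (refund == 0) return;
        try gmxProxy.refundExecutionFee(depositInfo[counter].owner, refund) {} catch {}
    }
}
```

The zero-refund guard matters because, under Solidity 0.8 checked arithmetic, a naive `executionFee - spent` would revert whenever tx.gasprice is high enough for the callback cost to exceed the prepaid fee, turning a refund bug into a cancellation failure.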

Impact

  • Financial: The contract may refund more execution fees than it should, potentially leading to economic losses for the protocol

  • Consistency: The refund logic differs from other similar operations in the contract, which could lead to unexpected behavior

  • Gas Usage: Inefficient use of gas as the full amount is refunded regardless of actual consumption

Tools Used

  • Manual code review

  • Code comparison with similar implementations within the contract

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_cancelFlow_can_be_called_after_order_execution_leading_to_disturb_shares_and_refund_too_many_fees

Likelihood: None/Very Low, when the keeper calls cancelFlow after an order execution. Impact: High, inflation/deflation of total shares, and too many fees refunded.
