DeFiFoundry
50,000 USDC
Submission Details
Severity: medium
Invalid

GmxProxy::createOrder Is Not Compatible With USDT

Summary

The GmxProxy::createOrder function is incompatible with USDT due to its non-standard “approve-reset” pattern, leading to transaction reverts when USDT is used as a collateral token.

Vulnerability Details

USDT implements a non-standard approve function that requires resetting the approval to 0 before setting a new allowance.

The relevant code from the USDT contract:
https://etherscan.io/address/0xdac17f958d2ee523a2206206994597c13d831ec7

/**
 * @dev Approve the passed address to spend the specified amount of tokens on behalf of msg.sender.
 * @param _spender The address which will spend the funds.
 * @param _value The amount of tokens to be spent.
 */
function approve(address _spender, uint _value) public onlyPayloadSize(2 * 32) {
    // To change the approve amount you first have to reduce the addresses`
    // allowance to zero by calling `approve(_spender, 0)` if it is not
    // already 0 to mitigate the race condition described here:
    // https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
    require(!((_value != 0) && (allowed[msg.sender][_spender] != 0)));
    allowed[msg.sender][_spender] = _value;
    Approval(msg.sender, _spender, _value);
}

According to PerpetualVault.sol:

collateralToken can be ETH, WETH, BTC, LINK, UNI, USDC, USDT, DAI, FRAX.

The GmxProxy::createOrder function does not account for this special requirement, causing transactions to fail when USDT is used as the collateral token.

Additionally, OpenZeppelin’s safeApprove function does not handle this “approve-reset” pattern, making it ineffective for USDT approvals.

Impact

Any attempt to use USDT in GmxProxy::createOrder results in a revert.

Tools Used

N/A

Recommendations

Modify GmxProxy::createOrder to first set the approval to 0 before setting the new allowance.
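One way to implement the zero-first approval recommended above, as an added example that is not code from GmxProxy or from the submission. The names ApproveReset, approveWithReset and UsdtLikeMock are hypothetical, and the mock only mirrors the require() quoted from the USDT contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20Minimal {
    function allowance(address owner, address spender) external view returns (uint256);
}

/// Added illustration; hypothetical helper, not taken from GmxProxy.
library ApproveReset {
    error ApproveFailed(address token);

    /// Sets `spender`'s allowance to `amount` on tokens that, like USDT,
    /// reject a non-zero -> non-zero change and return no value from approve.
    function approveWithReset(address token, address spender, uint256 amount) internal {
        uint256 current = IERC20Minimal(token).allowance(address(this), spender);
        if (current == amount) return;
        // The quoted require() only passes when the new value or the stored
        // allowance is 0, so clear any leftover allowance first.
        if (current != 0 && amount != 0) _approve(token, spender, 0);
        _approve(token, spender, amount);
    }

    function _approve(address token, address spender, uint256 value) private {
        // A call to an address without code "succeeds" with empty return data.
        if (token.code.length == 0) revert ApproveFailed(token);
        // Low-level call: USDT's approve returns nothing, so a typed
        // IERC20.approve call would revert while decoding the missing bool.
        (bool ok, bytes memory ret) = token.call(
            abi.encodeWithSignature("approve(address,uint256)", spender, value)
        );
        if (!ok || (ret.length != 0 && !abi.decode(ret, (bool)))) {
            revert ApproveFailed(token);
        }
    }
}

// Constructed test double mirroring the require() quoted above (not the real USDT code).
contract UsdtLikeMock {
    mapping(address => mapping(address => uint256)) public allowance;

    function approve(address spender, uint256 value) external { // no bool returned, like USDT
        require(!(value != 0 && allowance[msg.sender][spender] != 0), "reset to 0 first");
        allowance[msg.sender][spender] = value;
    }
}
```

Against the mock, a second non-zero approve for the same spender reverts, while approveWithReset succeeds because it clears the leftover allowance first. OpenZeppelin's SafeERC20.forceApprove (4.9 and later) covers the same case.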

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope