Unnecessary Execution Fee on instant Withdrawals
Summary
Users who withdraw when position is already closed still pay an execution fee, even tho no off chain execution is required. The contract currently calls `_payExecutionFee(depositId, false); before checking whether an off-chain action is necessary. If no position is open
Current implementation
Or
curPositionKey == bytes32(0)
the withdrawal is processed immediately on-chain, meaning the execution fee was charged unnecessarily
Vulnerability Details
Impact
Unnecessary cost for users who are actually not going to used it I.e when
(curPositionKey == bytes32(0))Loss of trust since users will see it as an unfair advantage reducing trust in the protocol
Reduced Capital Efficiency (Extra cost that serves no purpose)
Tools Used
Manual Review
Recommendations
Modify the withdraw function to only call _ payExecutionFee() when an off chain action is required:
And since the protocol does not mention explicitly who are to pay execution fee but users but it is still an issue for who are allowed to pay execution fee
Lead Judging Commences
invalid_withdraw_positionIsClosed_does_not_refund_fees
No fee needed in _payExecutionFee when position is closed. Make a PoC if you disagree.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.