Liquidity Management
Gamma
DeFiFoundry
50,000 USDC
View results
Previous Next
Submission Details
Severity: low
Invalid

Missing Event for Critical Parameter Changes

Deleted user

Summary

Functions that modify critical protocol parameters should emit events to enable proper off-chain monitoring and transparency. The lack of events makes it difficult to track important state changes.

Vulnerability Details

The GmxProxy contract contains several critical parameter-changing functions without event emissions:

function setMinEth(uint256 _minEth) external onlyOwner {
minEth = _minEth;
}
function setPerpVault(address _perpVault, address market) external {
require(tx.origin == owner(), "not owner");
require(_perpVault != address(0), "zero address");
require(perpVault == address(0), "already set");
perpVault = _perpVault;
gExchangeRouter.setSavedCallbackContract(market, address(this));
}
function updateGmxAddresses(...) external onlyOwner {
// Updates multiple critical addresses without events
orderHandler = _orderHandler;
liquidationHandler = _liquidationHandler;
// ...more assignments
}

Impact

Severity: Low

  • Likelihood: Low (affects monitoring, not functionality)

  • Impact: Low (no direct security implications)

Reasons for Low severity:

  1. No direct security impact

  2. Only affects off-chain monitoring capabilities

  3. Contract functionality remains intact

  4. Changes are still visible on-chain through state changes

Tools Used

  • Manual code review

  • Best practices analysis

Recommendations

Add events for all critical parameter changes:

// Add event definitions
event MinEthUpdated(uint256 oldValue, uint256 newValue);
event PerpVaultSet(address indexed perpVault, address indexed market);
event GmxAddressesUpdated(
address indexed orderHandler,
address indexed liquidationHandler,
address indexed adlHandler,
address gExchangeRouter,
address gmxRouter
);
function setMinEth(uint256 _minEth) external onlyOwner {
uint256 oldValue = minEth;
minEth = _minEth;
emit MinEthUpdated(oldValue, _minEth);
}
function setPerpVault(address _perpVault, address market) external {
require(tx.origin == owner(), "not owner");
require(_perpVault != address(0), "zero address");
require(perpVault == address(0), "already set");
perpVault = _perpVault;
gExchangeRouter.setSavedCallbackContract(market, address(this));
emit PerpVaultSet(_perpVault, market);
}
function updateGmxAddresses(...) external onlyOwner {
// ... existing assignments ...
emit GmxAddressesUpdated(
_orderHandler,
_liquidationHandler,
_adlHandler,
_gExchangeRouter,
_gmxRouter
);
}

These changes would improve:

  1. Transparency of protocol operations

  2. Ability to monitor critical changes

  3. Historical tracking of parameter updates

  4. Integration with monitoring tools

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!