DeFiFoundry
50,000 USDC
Submission Details
Severity: medium
Invalid

Flow State Misalignment in runSwap When Called from run

Summary

In the run function, the flow state is set to SIGNAL_CHANGE at the beginning of execution.
However, the deposit and withdrawal operations triggered inside runSwap, which run calls, expect the flow to be DEPOSIT or WITHDRAW. Because the flow is still SIGNAL_CHANGE while the deposit or withdrawal executes, the system is left in an inconsistent state. This can block or disrupt future deposit/withdraw actions and lead to an operational deadlock.

Affected function(s)

  • run

  • runSwap

  • Deposit and Withdrawal functions (through _mint and _handleReturn)

Vulnerability Details

  1. Execute the run function under a condition that triggers a deposit or withdrawal (e.g., positionIsClosed, or a combination of the isOpen and isLong flags).

  2. Observe that the flow state is set to SIGNAL_CHANGE at the beginning of the function.

  3. The deposit or withdrawal action is performed within the runSwap function.

  4. Notice that the flow state remains SIGNAL_CHANGE, preventing proper completion or a further transition to DEPOSIT or WITHDRAW.

  • Because the flow remains SIGNAL_CHANGE, the deposit or withdrawal operation is blocked; the system becomes unresponsive while stuck in this intermediate state.

The relevant dispatch in runSwap (the else branch is reproduced from the same function):

if (flow == FLOW.DEPOSIT) {
    // Requires the DEPOSIT state, but execution starts in SIGNAL_CHANGE and no transition updates it
    // last `depositId` equals `counter` because another deposit is not allowed before the previous deposit is completely processed
    _mint(counter, outputAmount + swapProgressData.swapped, true, prices);
} else if (flow == FLOW.WITHDRAW) {
    // Requires the WITHDRAW state, but execution starts in SIGNAL_CHANGE and no transition updates it
    _handleReturn(outputAmount + swapProgressData.swapped, false, true);
} else {
    // in the flow of SIGNAL_CHANGE, if `isCollateralToIndex` is true, it is opening a position, otherwise closing one
    _updateState(!isCollateralToIndex, isCollateralToIndex);
}
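To check which callee the quoted dispatch actually reaches for each flow value, here is an executable model of it. This is an added example, not the project's code: FLOW, flow, counter, runSwap, _mint, _handleReturn, _updateState and isCollateralToIndex are taken from the snippets quoted on this page; the enum members, the `run` wrapper that enters SIGNAL_CHANGE, the call log, the `transition` switch that models the proposed fix from the Recommendations section, and all amounts are assumptions made so the dispatch can be exercised offline.

```python
"""Executable model of the runSwap dispatch quoted in this submission.

Added example, not the project's code. Names shared with the quoted
snippets: FLOW, flow, counter, runSwap, _mint, _handleReturn,
_updateState, isCollateralToIndex. Everything else is assumed.
"""
from enum import Enum, auto


class FLOW(Enum):
    NONE = auto()          # assumed default state
    DEPOSIT = auto()
    WITHDRAW = auto()
    SIGNAL_CHANGE = auto()


class VaultModel:
    """Holds only the state the dispatch reads or writes."""

    def __init__(self, transition_in_signal_change: bool = False):
        self.flow = FLOW.NONE
        self.counter = 0                  # last depositId, per the quoted comment
        self.calls = []                   # ordered log of which callee ran
        # False: dispatch as quoted; True: the submission's proposed transition
        self.transition = transition_in_signal_change

    # The callees are modelled as recorders: only *which* one runs matters here.
    def _mint(self, deposit_id, amount, *_):
        self.calls.append(("_mint", deposit_id, amount))

    def _handleReturn(self, amount, *_):
        self.calls.append(("_handleReturn", amount))

    def _updateState(self, is_close, is_open):
        self.calls.append(("_updateState", is_close, is_open))

    def run(self, is_collateral_to_index, output_amount, swapped):
        """Per the submission, `run` enters SIGNAL_CHANGE before reaching runSwap."""
        self.flow = FLOW.SIGNAL_CHANGE
        self.runSwap(is_collateral_to_index, output_amount, swapped)

    def runSwap(self, is_collateral_to_index, output_amount, swapped):
        """Branches on `flow`, as the quoted snippet does, not on swap direction."""
        amount = output_amount + swapped
        if self.flow == FLOW.DEPOSIT:
            self._mint(self.counter, amount, True, None)
        elif self.flow == FLOW.WITHDRAW:
            self._handleReturn(amount, False, True)
        elif self.transition:
            # Proposed change: choose a flow before doing the work.
            # Note the assignment `flow = ...`; a comparison `flow == ...` is a no-op.
            if is_collateral_to_index:
                self.flow = FLOW.DEPOSIT
                self._mint(self.counter, amount, True, None)
            else:
                self.flow = FLOW.WITHDRAW
                self._handleReturn(amount, False, True)
        else:
            # As quoted: SIGNAL_CHANGE (and any other flow) goes to _updateState
            self._updateState(not is_collateral_to_index, is_collateral_to_index)


def branch_taken(flow, is_collateral_to_index=True, transition=False):
    """Return (callee, flow_after) for a direct runSwap call in the given flow."""
    m = VaultModel(transition)
    m.flow = flow
    m.runSwap(is_collateral_to_index, output_amount=100, swapped=25)
    return m.calls[-1][0], m.flow


def branch_via_run(is_collateral_to_index=True, transition=False):
    """Same, but entering through `run`, which forces SIGNAL_CHANGE first."""
    m = VaultModel(transition)
    m.run(is_collateral_to_index, output_amount=100, swapped=25)
    return m.calls[-1][0], m.flow


if __name__ == "__main__":
    for f in FLOW:
        print(f"{f.name:14s} -> {branch_taken(f)}")
    print("via run, as quoted:", branch_via_run())
    print("via run, proposed :", branch_via_run(transition=True))
```

Running the model shows that, in the dispatch as quoted, a call that arrives in SIGNAL_CHANGE never reaches `_mint` or `_handleReturn`; it goes to `_updateState`, and only the proposed variant routes it to a deposit or withdrawal and changes `flow` on the way.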

Impact

  • Operational blockage: the system becomes stuck in the SIGNAL_CHANGE state, preventing further operations from being performed.

  • Inconsistent state transitions.

Tools Used

Manual Review

Recommendations

Properly update the flow state before executing the deposit or withdrawal.
Example Implementation

if (flow == FLOW.SIGNAL_CHANGE) {
    // Ensure proper flow transition before execution
    if (isCollateralToIndex) {
        flow = FLOW.DEPOSIT; // Transition before deposit
        // last `depositId` equals `counter` because another deposit is not allowed before the previous deposit is completely processed
        _mint(counter, outputAmount + swapProgressData.swapped, true, prices);
    } else {
        flow = FLOW.WITHDRAW; // Transition before withdrawal (assignment, not comparison)
        _handleReturn(outputAmount + swapProgressData.swapped, false, true);
    }
} else {
    // if `isCollateralToIndex` is true, it is opening a position, otherwise closing one
    _updateState(!isCollateralToIndex, isCollateralToIndex);
}
Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
