Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Position fee doesn't account price impact

ChainDefenders

Summary

The Gamma protocol calculates position fees using vaultReader.getPositionFeeUsd with a hardcoded false value for the _hasPositiveImpact parameter. This ignores the actual price impact of the trade, leading to incorrect fee calculations. Fees are either overestimated or underestimated, depending on the direction of the price impact, resulting in financial losses for users or the protocol.

Vulnerability Details

Hardcoded _hasPositiveImpact Parameter
The function vaultReader.getPositionFeeUsd uses a boolean parameter _hasPositiveImpact to determine whether the trade has a positive or negative price impact. This affects the fee calculation logic.
Current Code Issue:
The parameter is hardcoded to false, assuming all trades have a negative price impact. This is incorrect because price impact can be positive or negative depending on the trade direction and market conditions.
Price Impact Not Factored into Fee Calculation
The protocol fetches the price impact separately using vaultReader.getPriceImpactInCollateral but does not use it to determine the correct value for _hasPositiveImpact. This creates a disconnect between the fee calculation and the actual market impact of the trade.

Impact

Wrong computation of fees and users are charged the wrong fee.

Recommendations

Determine Price Impact Direction
Use the priceImpact value returned by vaultReader.getPriceImpactInCollateral to determine whether the impact is positive or negative:

bool hasPositiveImpact = priceImpact > 0;
Pass Correct Parameter to Fee Calculation
Update the fee calculation to use the dynamically determined hasPositiveImpact value:

uint256 feeAmount = vaultReader.getPositionFeeUsd(
market,
orderResultData.sizeDeltaUsd,
hasPositiveImpact
) / prices.shortTokenPrice.min;
Update Fee Calculation Logic
Modify the existing code to incorporate the price impact direction:

uint256 amount = depositInfo[counter].amount;
int256 priceImpact = vaultReader.getPriceImpactInCollateral(
curPositionKey,
orderResultData.sizeDeltaUsd,
prevSizeInTokens,
prices
);
bool hasPositiveImpact = priceImpact > 0;
uint256 feeAmount = vaultReader.getPositionFeeUsd(
market,
orderResultData.sizeDeltaUsd,
hasPositiveImpact
) / prices.shortTokenPrice.min;
uint256 increased;
if (priceImpact > 0) {
increased = amount - feeAmount - uint256(priceImpact) - 1;
} else {
increased = amount - feeAmount + uint256(-priceImpact) - 1;
}
_mint(counter, increased, false, prices);
nextAction.selector = NextActionSelector.FINALIZE;

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Known issue

Assigned finding tags:

invalid_positionFeeFactor_always_negative_impact_took_more_fees

Guardians audit L-02.

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!