DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Valid

Fee amount calculation uses max price instead of min when withdrawing

Summary

Incorrect calculation of the position fee will result in a higher withdraw amount for the withdrawer and a loss of funds for all other depositors.

Vulnerability Details

This is how the fee is calculated in PerpetualVault::_withdraw() when users are withdrawing from an open position:

uint256 feeAmount = vaultReader.getPositionFeeUsd(market, sizeDeltaInUsd, false) / prices.shortTokenPrice.max;

At the same time, we have the following calculation in GMX to get the fee:

fees.positionFeeAmount = Precision.applyFactor(sizeDeltaUsd, fees.positionFeeFactor) / collateralTokenPrice.min;

This will always result in lower fees for a single withdrawer at the expense of all other depositors.

Impact

Incorrect fee calculation leading to an unfair withdrawal.

Tools Used

Manual review

Recommendations

Consider using the min price to match the calculation in GMX.
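The two divisors compared in Vulnerability Details, modelled with integer arithmetic as an added example that is not part of the submission or of either code base. It assumes 30-decimal USD values and prices scaled by 10^(30 - token decimals); the fee factor, prices and position sizes are constructed sample values.

```python
# Added example: integer model of the two fee formulas quoted in the finding.
# Assumptions (not from the page): USD values carry 30 decimals, token prices
# carry 30 - token_decimals decimals, and every sample number is constructed.
FLOAT_PRECISION = 10**30
USDC_DECIMALS = 6
PRICE_UNIT = 10 ** (30 - USDC_DECIMALS)  # scaled price of exactly 1 USD per USDC


def apply_factor(value: int, factor: int) -> int:
    """Fixed-point multiply, floored like Solidity: value * factor / 1e30."""
    return value * factor // FLOAT_PRECISION


def fee_tokens(fee_usd: int, price: int) -> int:
    """Convert a USD fee to collateral token units with floor division."""
    return fee_usd // price


def compare(size_delta_usd: int, fee_factor: int, price_min: int, price_max: int) -> dict:
    """Return the fee under each divisor and the amount left undeducted."""
    if not 0 < price_min <= price_max:
        raise ValueError("expected 0 < price_min <= price_max")
    fee_usd = apply_factor(size_delta_usd, fee_factor)
    vault = fee_tokens(fee_usd, price_max)  # divisor used in _withdraw()
    gmx = fee_tokens(fee_usd, price_min)    # divisor used in the GMX line
    return {"vault": vault, "gmx": gmx, "shortfall": gmx - vault}


def total_shortfall(sizes, fee_factor: int, price_min: int, price_max: int) -> int:
    """Sum the undeducted fee over several withdrawals at one price pair."""
    return sum(compare(s, fee_factor, price_min, price_max)["shortfall"] for s in sizes)


if __name__ == "__main__":
    factor = 5 * 10**26                   # constructed: 0.05% position fee
    p_min = PRICE_UNIT * 9998 // 10000    # constructed: 0.9998 USD
    p_max = PRICE_UNIT * 10002 // 10000   # constructed: 1.0002 USD
    sizes = [10_000 * 10**30, 2_500 * 10**30, 40_000 * 10**30]  # constructed
    for s in sizes:
        print(s // 10**30, "USD ->", compare(s, factor, p_min, p_max))
    print("total shortfall (USDC base units):",
          total_shortfall(sizes, factor, p_min, p_max))
```

The shortfall is zero when min and max prices are equal and grows with the spread between them.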

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_withdraw_use_prices.shortTokenPrice.max_instead_of_min

Likelihood: Low/Medium, every withdraw, position opened, not liquidated, beenShort or not 1, and the difference between minPrice and maxPrice is significant. Impact: Low, small part of feeAmount and PnL not deducted from collateralDeltaAmount.
