Liquidity Management

Summary

According to GMX, price impact rebates only apply to closing/decreasing positions. For opening/increasing positions, there is no maximum price impact. For market increase orders, the price impact is displayed on the UI. However, since users cannot determine the exact price impact when opening a position, they may be negatively impacted if the price impact is too high.

Vulnerability Details

According to the GMX Docs:

Note that this rebate only applies to closing/decreasing positions; for opening/increasing positions, there is no maximum price impact. For market increase orders, the price impact would be shown on the interface so that users can decide if the impact is acceptable. For limit orders, the acceptable price, including any price impact, must be met for the order to be executed.

Since users open positions with the Gamma protocol, they do not know the exact price impact beforehand. As a result, if the price impact is too high when opening a position, users may be negatively affected, as there is no threshold to revert the transaction in case of excessive price impact.

Impact

Users are unable to determine the exact price impact before opening a position. As a result, their position may be opened even if the price impact is excessively high (which they do not want), leading to unintended losses.

Tools Used

Manual Review

Recommendations

Implement a threshold for price impact when opening a position. If the price impact exceeds this threshold, the transaction should revert.