DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Users will lose their part of their tokens

Vulnerability details

The _mint, _handleReturn and _cancelFlow functions wrap the call to refundExecutionFee, which returns the execution fee to the deposit owner, in a try/catch block whose catch block is empty. If the refund reverts, the failure is swallowed: the outer transaction succeeds and the user never receives the execution fee. This silent failure will occur every time the deposit owner is a multisig wallet, because refundExecutionFee sends the fee with transfer rather than call; transfer forwards only a small fixed gas stipend, so the refund to a contract wallet runs out of gas and the user does not get the fee they are entitled to.

```solidity
function _handleReturn(
    uint256 withdrawn,
    bool positionClosed,
    bool refundFee
) internal {
    // code ...
    if (refundFee) {
        uint256 usedFee = callbackGasLimit * tx.gasprice;
        if (depositInfo[depositId].executionFee > usedFee) {
            try
                IGmxProxy(gmxProxy).refundExecutionFee(
                    depositInfo[counter].owner,
                    depositInfo[counter].executionFee - usedFee
                )
            {} catch {} // empty catch: a failed refund is silently ignored
        }
    }
}

function refundExecutionFee(address receipient, uint256 amount) external {
    require(msg.sender == perpVault, "invalid caller");
    // transfer forwards a fixed gas stipend and reverts if the recipient needs more
    payable(receipient).transfer(amount);
}
```

Impact

The user will not receive their fee, nor will they be able to trace the cause of the error anywhere. This undermines the trust in the protocol.

Recommended Mitigation Steps

Consider adding accounting for unrefunded user fees in the catch block, so that a failed refund is recorded rather than discarded.
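As an added illustration of the silent-failure path and of the mitigation above (example code, not the DeFiFoundry project's own; the contract and member names GmxProxyStub, VaultHardened, unclaimedFee, claimExecutionFee, settle and GasHungryReceiver are assumptions), the refund branch is shown with a catch block that records what could not be pushed, a claim function through which the owner pulls it later, and a proxy that forwards ETH with call instead of transfer, since transfer's 2300-gas stipend is what starves a multisig's receive function:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not project code. All names below are assumptions.
interface IGmxProxyLike {
    function refundExecutionFee(address recipient, uint256 amount) external;
}

// Proxy that holds the execution fees. It forwards ETH with call() so a recipient
// whose receive() needs more than the 2300-gas stipend (e.g. a multisig) can be paid,
// and it reverts on failure so that the caller's catch block actually runs.
contract GmxProxyStub is IGmxProxyLike {
    address public immutable perpVault;

    constructor(address _perpVault) { perpVault = _perpVault; }

    receive() external payable {}

    function refundExecutionFee(address recipient, uint256 amount) external override {
        require(msg.sender == perpVault, "invalid caller");
        (bool ok, ) = payable(recipient).call{value: amount}("");
        require(ok, "refund failed");
    }
}

// Vault side: the equivalent of the refundFee branch of _handleReturn, hardened.
contract VaultHardened {
    IGmxProxyLike public immutable gmxProxy;
    address public immutable operator; // whoever may trigger settlement in this demo

    // Fees that could not be pushed to the owner, kept claimable (pull pattern).
    mapping(address => uint256) public unclaimedFee;

    event ExecutionFeeRefundFailed(address indexed owner, uint256 amount);
    event ExecutionFeeClaimed(address indexed owner, uint256 amount);

    constructor(IGmxProxyLike _gmxProxy, address _operator) {
        gmxProxy = _gmxProxy;
        operator = _operator;
    }

    // Try to push the refund; on failure record the amount instead of dropping it.
    function _refundOrRecord(address owner, uint256 amount) internal {
        try gmxProxy.refundExecutionFee(owner, amount) {
            // pushed successfully, nothing to record
        } catch {
            unclaimedFee[owner] += amount;
            emit ExecutionFeeRefundFailed(owner, amount);
        }
    }

    // The owner (a multisig included) retries the refund with its own gas budget.
    function claimExecutionFee() external {
        uint256 amount = unclaimedFee[msg.sender];
        require(amount > 0, "nothing to claim");
        unclaimedFee[msg.sender] = 0; // effects before interaction
        // If this still fails it reverts, which also rolls back the zeroing above.
        gmxProxy.refundExecutionFee(msg.sender, amount);
        emit ExecutionFeeClaimed(msg.sender, amount);
    }

    // Stand-in for the refundFee branch: same fee arithmetic as the report's snippet.
    function settle(address owner, uint256 executionFee, uint256 callbackGasLimit) external {
        require(msg.sender == operator, "not operator");
        uint256 usedFee = callbackGasLimit * tx.gasprice;
        if (executionFee > usedFee) {
            _refundOrRecord(owner, executionFee - usedFee);
        }
    }
}

// Receiver whose receive() writes storage, so it needs more than the 2300-gas stipend.
// Against the original transfer()-based proxy the refund to this contract reverts and
// the empty catch discards it; against the contracts above it is recorded and claimable.
contract GasHungryReceiver {
    uint256 public received;

    receive() external payable { received += msg.value; }

    function claim(VaultHardened vault) external { vault.claimExecutionFee(); }
}
```

Deploy GmxProxyStub with the vault address as perpVault, fund it, and call settle for a GasHungryReceiver owner: the ExecutionFeeRefundFailed event and the unclaimedFee balance make the failure observable on-chain, and claim() lets the owner recover the amount, which is exactly what the empty catch block in the original denies them.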

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Design choice
Assigned finding tags:

User's mistake, only impacting themselves.

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
