Fetching indexToken.balanceOf() will always revert for BTC market
Summary
Due to the BTC/USD market returning a non-contract address as indexToken, any calls to balanceOf() in PerpetualVault.sol revert, rendering the contracts incompatible with this key GMX market.
Vulnerability Details
When a PerpetualVault is initialized, the indexToken address is set by calling getMarket() from the GMXReader:
According to the README, these contracts should be compatible with wBTC (i.e. the BTC/USD GMX market). However, in the BTC/USD market, marketinfo.indexToken is not a contract, so calling balanceOf() will revert.
Here's the indexToken address for the BTC/USD market on Arbitrum: https://arbiscan.io/address/0x47904963fc8b2340414262125af798b9655e58cd
indexToken.balanceOf() is used throughout the PerpetualVault.sol contract making Gamma's implementation incompatible with this key market.
Impact
Contracts incompatible with key GMX market.
Tools Used
Manual review
Recommendations
Consider using the long token instead of the index token for these markets, however, this can cause issues if you ever want to launch on markets where the long token doesn't equal the index token.
Appeal created
finding_WBTC_market_set_indexToken_on_an_EOA
Impact: High. 1/3 of the in-scope tokens are DoS, and WBTC is an important token. Likelihood: Low. It would be an admin error to integrate it, knowing that indexToken should be equal to longToken. However, the token is in-scope, meaning it should have at least a low likelihood.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.