DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

The duplicate function name causes confusion and has the potential to lead to unintended behavior.

Summary

In the GmxProxy contract, there are two functions named refundExecutionFee, but they differ in parameters. This can cause confusion for developers when using them, especially in complex systems or when calling functions from other contracts. Additionally, this issue could lead to calling the wrong function, posing security risks and disrupting the contract operation.

Vulnerability Details

The two functions share the same name but perform entirely different tasks:

  • One function handles refunding the gas fee from GMX.

  • The other function handles refunding the fee for a specific recipient.

Without carefully reading the documentation or the source code, users might easily call the wrong function.

    /**
     * Callback function from GMX to refund remaining gas.
     * @param key request key
     */
    function refundExecutionFee(
        bytes32 key,
        EventLogData memory
    ) external payable {}

    /**
     * @notice
     * Returns the remaining execution fee after flow is completed.
     * @param receipient address to receive the remaining fee
     * @param amount amount of the remaining fee
     */
    function refundExecutionFee(address receipient, uint256 amount) external {
        require(msg.sender == perpVault, "invalid caller");
        payable(receipient).transfer(amount);
    }

Impact

Confusion in calling the functions can lead to sending incorrect data or the wrong amount of assets.

Tools Used

Manual

Recommendations

Rename the functions to reflect the specific functionality of each one. For example:

  • refundExecutionFeeFromGMX instead of refundExecutionFee.

  • refundExecutionFeeToRecipient instead of refundExecutionFee.
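
How the two overloads are told apart at the ABI level and at a Solidity call site, as an added example that is not part of the submission or the project's code. OverloadDemo, OverloadCheck, lastHit and the one-field EventLogData are assumptions made for illustration; the real struct layout is not shown on the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed stand-in: the page does not show the real EventLogData layout.
struct EventLogData {
    uint256 placeholder;
}

// Hypothetical contract that mirrors only the two overloaded signatures.
contract OverloadDemo {
    address public immutable perpVault;
    uint8 public lastHit; // 1 = GMX callback overload, 2 = recipient overload

    constructor(address _perpVault) {
        perpVault = _perpVault;
    }

    function refundExecutionFee(bytes32, EventLogData memory) external payable {
        lastHit = 1;
    }

    function refundExecutionFee(address receipient, uint256 amount) external {
        require(msg.sender == perpVault, "invalid caller");
        lastHit = 2;
        payable(receipient).transfer(amount);
    }

    // Selector = first 4 bytes of keccak256(canonical signature); a struct is a tuple there.
    function selectors() external pure returns (bytes4 gmxCallback, bytes4 toRecipient) {
        gmxCallback = bytes4(keccak256("refundExecutionFee(bytes32,(uint256))"));
        toRecipient = bytes4(keccak256("refundExecutionFee(address,uint256)"));
        assert(gmxCallback != toRecipient);
    }
}

// Hypothetical caller deployed as perpVault so the second overload is reachable.
contract OverloadCheck {
    OverloadDemo public immutable target;

    constructor() {
        target = new OverloadDemo(address(this));
    }

    // The compiler picks the overload from the argument types at each call site.
    function run(address to) external returns (uint8 first, uint8 second) {
        target.refundExecutionFee(bytes32(0), EventLogData(0));
        first = target.lastHit();
        target.refundExecutionFee(to, 0);
        second = target.lastHit();
    }
}
```

Calling run with an address that accepts a zero-value transfer returns 1 and then 2, one value per overload.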

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Appeal created

kevinkkien Submitter
7 months ago
n0kto Lead Judge
7 months ago
n0kto Lead Judge 6 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
