Liquidity Management

Gamma

DeFiFoundry

50,000 USDC

View results

Previous Next

Submission Details

Severity: low

Invalid

Due to not updating the deposits will be paused when they should be allowed

mrmorningstar

Summary

Whenever liquidation happens it is processed in afterLiquidationExecution :

function afterLiquidationExecution() external {

if (msg.sender != address(gmxProxy)) {

revert Error.InvalidCall();

}

depositPaused = true;

uint256 sizeInTokens = vaultReader.getPositionSizeInTokens(curPositionKey);

if (sizeInTokens == 0) {

delete curPositionKey;

}

if (flow == FLOW.NONE) {

flow = FLOW.LIQUIDATION;

nextAction.selector = NextActionSelector.FINALIZE;

} else if (flow == FLOW.DEPOSIT) {

flowData = sizeInTokens;

} else if (flow == FLOW.WITHDRAW) {

// restart the withdraw flow even though current step is FINALIZE.

nextAction.selector = NextActionSelector.WITHDRAW_ACTION;

}

First thing that is done is that all deposits are paused so the function can prepare keeper to create order again with liquidated funds.

Vulnerability Details

The issue is that even after order with liquidated funds is created and executed depositing to the protocol still remain paused because depositPaused still remains true.
The owner can change that manually, but it is more efficient and convenient if that is done automatically.

Impact

Deposits will be paused when they should not be.

Tools Used

Manual Review.

Recommendations

Make the following change in finalize function:

function _finalize(bytes memory data) internal {

if (flow == FLOW.WITHDRAW) {

(uint256 prevCollateralBalance, bool positionClosed, bool refundFee) = abi.decode(data, (uint256, bool, bool));

uint256 withdrawn = collateralToken.balanceOf(address(this)) - prevCollateralBalance;

_handleReturn(withdrawn, positionClosed, refundFee);

+ } else if (flow == FLOW.DEPOSIT) {

+ if (depositPaused) {

+ depositPaused = false;

+ }

+ delete swapProgressData;

+ delete flowData;

+ delete flow;

} else {

delete swapProgressData;

delete flowData;

delete flow;

}

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

50,000 USDC

nSLOC

1,910

26 USDC / LOC

High Medium

47,500

Low

2,500

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!