Insufficient Gas Limit Configuration for callbackGasLimit Risking Callback Failures
Summary
The PerpetualVault and GmxProxy contracts rely on a callbackGasLimit for GMX order execution and callbacks, set to 2,000,000 in PerpetualVault and calculated dynamically in GmxProxy. However, there’s no mechanism to dynamically adjust or validate this limit against network conditions or GMX requirements. If the gas limit is insufficient, callbacks could fail, stalling critical operations.
Vulnerability Details
-
In PerpetualVault, callbackGasLimit is initialized to 2,000,000 and can be updated by the owner:
solidity
function setCallbackGasLimit(uint256 _callbackGasLimit) external onlyOwner {callbackGasLimit = _callbackGasLimit;} -
In GmxProxy, getExecutionGasLimit calculates the gas limit but lacks real-time adjustment for network gas price fluctuations:
solidity
function getExecutionGasLimit(Order.OrderType orderType, uint256 _callbackGasLimit) public view returns (uint256 executionGasLimit) {// ... calculation using static values and multiplier ...} -
There’s no monitoring or automatic adjustment based on current gas prices, GMX requirements, or historical execution data, risking underestimation of required gas.
Impact
Callback Failures: Insufficient gas limits could cause afterOrderExecution or afterOrderCancellation callbacks to fail, delaying or preventing position updates, withdrawals, or liquidations.
Operational Delays: Stalled operations could lead to financial losses, missed opportunities, or user dissatisfaction.
Liquidation Risk: Failed callbacks might trigger unintended liquidations or leave positions unmanaged.
Tools Used
Manual code review
Recommendations
Implement dynamic adjustment of callbackGasLimit based on network conditions, GMX requirements, or historical data. Add a function for the owner to update with bounds
Lead Judging Commences
Admin is trusted / Malicious keepers
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point. Keepers are added by the admin, there is no "malicious keeper" and if there is a problem in those keepers, that's out of scope. ReadMe and known issues states: " * System relies heavily on keeper for executing trades * Single keeper point of failure if not properly distributed * Malicious keeper could potentially front-run or delay transactions * Assume that Keeper will always have enough gas to execute transactions. There is a pay execution fee function, but the assumption should be that there's more than enough gas to cover transaction failures, retries, etc * There are two spot swap functionalies: (1) using GMX swap and (2) using Paraswap. We can assume that any swap failure will be retried until success. " " * Heavy dependency on GMX protocol functioning correctly * Owner can update GMX-related addresses * Changes in GMX protocol could impact system operations * We can assume that the GMX keeper won't misbehave, delay, or go offline. " "Issues related to GMX Keepers being DOS'd or losing functionality would be considered invalid."
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.