The interface relies heavily on the GMX protocol for order execution, position management, and collateral rebates. If GMX is compromised, delayed, or manipulated, it could lead to incorrect data being used in the protocol.
The vulnerability can be found in the lines of code below:
Proof of Concept (PoC):
An attacker manipulates the GMX protocol to return incorrect position data or order execution results.
The createOrder or settle functions use the incorrect data to execute orders, leading to financial losses.
Example:
function createOrder(Order.OrderType orderType, OrderData memory orderData) external returns (bytes32) {
    // GMX-specific logic
}
If GMX returns incorrect data, the order execution will be incorrect.
Incorrect data could lead to financial losses, unfair liquidations, and protocol instability.
Deepseek
Use multiple independent protocols to validate data and reduce reliance on a single source.
Implement data deviation checks to detect and respond to anomalies.
Add a grace period for data updates to account for potential delays.
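One way the three recommendations above could be combined into a single check, as an added example that is not code from the audited interface or from GMX. The library, its error names, the parameters and the `GuardExample` limits (5 minutes, 100 basis points) are all hypothetical; how the two values are actually fetched is left to the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added example. Every name here is hypothetical, not taken from the audited code or GMX.
library ExternalDataGuard {
    uint256 internal constant BPS = 10_000;

    error FutureTimestamp(uint256 updatedAt);
    error StaleData(uint256 updatedAt, uint256 maxAge);
    error ZeroReference();
    error DeviationTooHigh(uint256 primary, uint256 refValue, uint256 maxBps);

    /// @param primary   value reported by the primary source (for example, read through GMX)
    /// @param refValue  the same quantity read from an independent second source
    /// @param updatedAt timestamp of the older of the two readings
    /// @param maxAge    grace period in seconds before the data counts as stale
    /// @param maxBps    largest tolerated deviation, in basis points of refValue
    /// @return the primary value, only if it passed every check
    function validate(
        uint256 primary,
        uint256 refValue,
        uint256 updatedAt,
        uint256 maxAge,
        uint256 maxBps
    ) internal view returns (uint256) {
        // Grace period: tolerate delayed updates up to maxAge, reject anything older.
        if (updatedAt > block.timestamp) revert FutureTimestamp(updatedAt);
        if (block.timestamp - updatedAt > maxAge) revert StaleData(updatedAt, maxAge);

        // A zero reference would make the relative deviation undefined.
        if (refValue == 0) revert ZeroReference();

        // Deviation check: |primary - refValue| / refValue <= maxBps / BPS,
        // cross-multiplied to avoid rounding. Checked arithmetic reverts on
        // overflow, so absurdly large inputs fail closed.
        uint256 diff = primary > refValue ? primary - refValue : refValue - primary;
        if (diff * BPS > refValue * maxBps) revert DeviationTooHigh(primary, refValue, maxBps);

        return primary;
    }
}

/// Minimal caller showing the guard with constructed limits.
contract GuardExample {
    function check(uint256 primary, uint256 refValue, uint256 updatedAt) external view returns (uint256) {
        return ExternalDataGuard.validate(primary, refValue, updatedAt, 5 minutes, 100);
    }
}
```

Reverting on a failed check means order creation or settlement halts instead of proceeding on data the two sources disagree about.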