DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Missing Validation for GMX Order Execution

Summary

The PerpetualVault does not validate GMX order success in callbacks, risking inconsistent state.

Vulnerability Details

The contract’s afterOrderExecution function attempts to claim funding fees via an external call. If this external call fails (for instance, due to a revert in claimFundingFees), the catch block only emits an error event without taking corrective action. As a result, fees may remain unclaimed.

POC

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";
// PerpetualVault and MockGMXRouter are assumed to be in scope; the report
// does not give their import paths, so they are not spelled out here.

contract TestGMXOrderExecution is Test {
    PerpetualVault vault;
    MockGMXRouter router;

    function setUp() public {
        vault = new PerpetualVault();
        router = new MockGMXRouter();
    }

    function testClaimFundingFeesFailure() public {
        vm.prank(address(vault));
        router.setFailing(true); // Simulating failure in claimFundingFees
        vault.afterOrderExecution(); // Should fail but only emit an event
        // Validate that fees remain unclaimed
        assertEq(vault.unclaimedFees(), 0, "Fees should remain unclaimed");
    }
}
```

Impact

Unclaimed fees reduce vault profitability, unfairly impacting depositors.

Tools Used

Manual Review
Foundry

Recommendations

Implement a retry mechanism or queue failed claims for later processing.
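An added example, not the project's code and not part of the submitted PoC, contrasting the callback shape the Vulnerability Details describe (catch branch that only emits an event) with the queued-retry shape the recommendation asks for. The IFeeClaimer interface, the contract names, the simplified callback signature (real GMX callbacks receive an order key and order data rather than market/token arrays) and the handler check are all assumptions made for illustration; the retry contract goes a step beyond the text by tracking attempt counts per queued claim.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed interface for the external contract that pays out funding fees
// (hypothetical stand-in, not the project's or GMX's own declaration).
interface IFeeClaimer {
    function claimFundingFees(address[] calldata markets, address[] calldata tokens, address receiver)
        external
        returns (uint256[] memory);
}

// Shape described in the report: the catch branch only emits an event.
// After a failed claim nothing on-chain records which markets/tokens still
// owe fees, so there is nothing a keeper or later transaction can act on.
contract CallbackSwallowsFailure {
    IFeeClaimer public immutable claimer;
    address public immutable handler; // assumed: only address allowed to call the callback

    event FundingFeeClaimFailed(bytes reason);

    constructor(IFeeClaimer _claimer, address _handler) {
        claimer = _claimer;
        handler = _handler;
    }

    function afterOrderExecution(address[] calldata markets, address[] calldata tokens) external {
        require(msg.sender == handler, "not handler");
        try claimer.claimFundingFees(markets, tokens, address(this)) {
            // claimed; nothing further to do
        } catch (bytes memory reason) {
            emit FundingFeeClaimFailed(reason); // no state change, so no retry is possible
        }
    }
}

// Hardened shape: a failed claim is queued with its parameters and can be
// retried later, so a transient failure in the external call does not mean
// the fees are silently lost.
contract CallbackQueuesFailure {
    struct PendingClaim {
        address[] markets;
        address[] tokens;
        uint64 failedAt;
        uint32 attempts; // 0 means the slot is empty (claim succeeded or never existed)
    }

    IFeeClaimer public immutable claimer;
    address public immutable handler;
    PendingClaim[] private pending;

    event FundingFeeClaimFailed(uint256 indexed claimId, bytes reason);
    event FundingFeeClaimRetried(uint256 indexed claimId, bool success);

    constructor(IFeeClaimer _claimer, address _handler) {
        claimer = _claimer;
        handler = _handler;
    }

    function afterOrderExecution(address[] calldata markets, address[] calldata tokens) external {
        require(msg.sender == handler, "not handler");
        (bool ok, bytes memory reason) = _tryClaim(markets, tokens);
        if (ok) return;
        // Record enough to repeat the exact call later.
        PendingClaim storage c = pending.push();
        c.markets = markets;
        c.tokens = tokens;
        c.failedAt = uint64(block.timestamp);
        c.attempts = 1;
        emit FundingFeeClaimFailed(pending.length - 1, reason);
    }

    // Anyone (keeper, depositor) can retry; success clears the slot.
    function retryPendingClaim(uint256 claimId) external {
        PendingClaim storage c = pending[claimId];
        require(c.attempts > 0, "no pending claim");
        (bool ok, ) = _tryClaim(c.markets, c.tokens);
        emit FundingFeeClaimRetried(claimId, ok);
        if (ok) {
            delete pending[claimId];
        } else {
            c.attempts += 1;
        }
    }

    // Number of claims still waiting, so monitoring can alert on a growing backlog.
    function pendingClaimCount() external view returns (uint256 n) {
        for (uint256 i = 0; i < pending.length; i++) {
            if (pending[i].attempts > 0) n++;
        }
    }

    function _tryClaim(address[] memory markets, address[] memory tokens)
        internal
        returns (bool ok, bytes memory reason)
    {
        try claimer.claimFundingFees(markets, tokens, address(this)) {
            return (true, "");
        } catch (bytes memory err) {
            return (false, err);
        }
    }
}
```

The queue keeps the callback itself non-reverting (a revert inside a GMX callback would affect order execution, which is why the original code uses try/catch in the first place), while still leaving a durable record that a later transaction can act on; a non-zero pendingClaimCount is the condition an off-chain monitor would watch for.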

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Appeal created

0xkimonic Submitter 9 months ago
n0kto Lead Judge 9 months ago
n0kto Lead Judge 8 months ago
Submission Judgement Published
Invalidated
Reason: Lack of quality
Assigned finding tags:

Informational or Gas

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
