The function relies on gmxReader.getPositionInfo() and dataStore without ensuring real-time price updates, leading to potentially outdated position values.
The VaultReader contract uses prices.shortTokenPrice.min and prices.longTokenPrice.min, which may be stale if not updated frequently.
Borrowing fees and funding fees are subtracted without verifying time-based freshness.
Call getPositionInfo() multiple times without updating dataStore.
Compare results with on-chain updated prices.
If price changes are not reflected, the data is stale.
Users may see incorrect liquidation warnings.
Delayed position updates can cause traders to enter bad trades.
If borrowing fees are not updated, the vault might be under/over-compensating.
Manual Review
Foundry
Ensure real-time price updates before position calculations.
Implement on-chain timestamp validation for price freshness.
Use Chainlink oracles to verify updated price feeds.
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.