The protocol relies on external calls, such as refunding execution fees via IGmxProxy(refundExecutionFee), to maintain proper state and automation. However, the current implementation silently catches failures in these calls, without emitting events to indicate an error. This lack of event emission hinders off-chain monitoring and automated alerting systems from detecting and handling failures promptly. For example, in the _mint function and elsewhere, we see:
This can result in an incomplete state update if a failure occurs.
The vulnerability arises because external calls that may fail, such as refund execution fee transfers, do not emit events when caught in a try/catch block. Without logging these failures, off-chain systems have no visibility into the issue, which can delay or prevent necessary fallback actions or alerts. The problem is compounded in critical functions like _mint and _handleReturn, where the refund mechanism is used.
Reduced transparency and operational oversight. Off-chain automation and monitoring systems may fail to detect external call failures, potentially leading to prolonged issues or state inconsistencies.
Failure to log external call errors can mask operational issues and delay the detection of systemic problems.
Off-chain keepers and monitoring systems rely on event logs to trigger alerts and fallback mechanisms. The lack of such events can lead to delayed responses or mismanagement of protocol operations.
Silent failures could allow critical state updates to be missed, affecting the overall reliability and trustworthiness of the protocol.
Tools used: manual review.
Modify the try/catch blocks to emit a dedicated event when an external call fails. For example:
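The following is an added illustration of the recommendation, not code from the audited protocol. It places the silent pattern described above beside a version that emits a dedicated event from the catch branch. The `IGmxProxy.refundExecutionFee` signature, the `ExecutionFeeRefundFailed` event name, and the `MockGmxProxy` used to trigger a failure are all assumptions for this example; the page names the interface and function but not their parameters.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed signature: the page names IGmxProxy.refundExecutionFee but not its parameters.
interface IGmxProxy {
    function refundExecutionFee(address recipient, uint256 amount) external;
}

// Pattern as described in the finding: the failure is swallowed and nothing is logged,
// so off-chain keepers and monitoring have no signal that the refund did not happen.
contract RefundSilent {
    IGmxProxy public immutable gmxProxy;

    constructor(IGmxProxy proxy) {
        gmxProxy = proxy;
    }

    function refund(address to, uint256 amount) external {
        try gmxProxy.refundExecutionFee(to, amount) {
            // success: nothing to do
        } catch {
            // failure is silently ignored; state continues as if the refund succeeded
        }
    }
}

// Hardened pattern: the catch branch emits an event carrying the recipient, the amount
// and the raw revert data, and the function reports the outcome to its caller.
contract RefundLogged {
    IGmxProxy public immutable gmxProxy;

    // Assumed event name; any dedicated, indexed event serves the same monitoring purpose.
    event ExecutionFeeRefundFailed(address indexed recipient, uint256 amount, bytes reason);

    constructor(IGmxProxy proxy) {
        gmxProxy = proxy;
    }

    function refund(address to, uint256 amount) external returns (bool ok) {
        try gmxProxy.refundExecutionFee(to, amount) {
            ok = true;
        } catch (bytes memory reason) {
            // `reason` holds the ABI-encoded revert data (empty for a plain revert),
            // which lets an off-chain alert distinguish "out of funds" from other causes.
            emit ExecutionFeeRefundFailed(to, amount, reason);
            ok = false;
        }
    }
}

// Constructed mock used only to exercise the two contracts above: it reverts whenever
// the requested amount exceeds its balance, mimicking a proxy that cannot pay the refund.
contract MockGmxProxy is IGmxProxy {
    error InsufficientFunds(uint256 requested, uint256 available);

    receive() external payable {}

    function refundExecutionFee(address recipient, uint256 amount) external override {
        if (amount > address(this).balance) {
            revert InsufficientFunds(amount, address(this).balance);
        }
        (bool sent, ) = recipient.call{value: amount}("");
        require(sent, "transfer failed");
    }
}
```

Deploying `MockGmxProxy` with no balance and calling `RefundLogged.refund(to, 1)` returns `false` and leaves an `ExecutionFeeRefundFailed` log whose `reason` decodes to `InsufficientFunds(1, 0)`; the same call on `RefundSilent` leaves no trace at all. Keepers can subscribe to the event topic and treat any occurrence as an alert condition, which is exactly the visibility the finding asks for.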
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.