DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Replay protection for failed transactions

Summary

The Perpetual Vault Protocol does not have explicit protections against replay attacks for failed transactions.

Vulnerability Details

The GmxProxy and PerpetualVault contracts do not implement mechanisms to prevent replay attacks on failed transactions. This could allow an attacker to replay a failed transaction and potentially cause unintended effects.

Impact

An attacker could replay a failed transaction, potentially causing the contract to execute unintended actions or consume unnecessary gas.

Tools Used

  • Manual code review

Recommendations

Implement nonce-based transaction protection or use EIP-712 for signed transactions to prevent replay attacks. Ensure that failed transactions cannot be replayed by tracking and validating transaction hashes.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Suppositions

There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
