DeFiFoundry
50,000 USDC
Submission Details
Severity: high
Invalid

Easy Access to execution of refund

Description: The function GmxProxy.sol::refundExecutionFee is at risk of malicious attack because it has no access control and is currently empty, so it does not perform any actions.

Impact: The logic to refund the execution fee is not implemented. When this function is called, it wouldn't perform any action, leading to loss of funds. Moreover, GmxProxy.sol::refundExecutionFee is a payable function, which means it receives ether, but on inspection it lacks handling for receiving ether. This is another instance of loss of funds. Lastly, the function lacks access control, which can lead to anyone calling the function.

Proof of Concept:
Here below is the code:

    // lack of logic implementation
    function refundExecutionFee(
        bytes32 key,
        EventLogData memory
    ) external payable {}

It was difficult running a test on this function as fuzzybase.sol wasn't included in the contracts. Upon observation, this shows:

lack of access control
no validation for eth handling
lack of implementation

Recommended Mitigation:
It is preferable to ensure logic and validation in this function to stop the loss of funds or misuse.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
