Stuck or Mismanaged Flow State (Denial-of-Service)
PerpetualVault.sol
Observation:
The contract uses a global flow state (with helper modifier _noneFlow) to ensure that no new deposit/withdraw or signal change actions occur while a flow is in progress. Many functions (deposit, withdraw, run, runNextAction) revert if flow != FLOW.NONE.
Risk:
If a flow gets “stuck”—for example, due to a failed GMX callback or an off-chain keeper failing to complete its actions—the contract remains locked. This would prevent any new deposits, withdrawals, or signal changes from occurring, effectively freezing the vault. An attacker (or even an unlucky user) might trigger such a stuck state to cause a denial-of-service, delaying fund movements until an administrator intervenes.
Recommendation:
Implement additional timeout logic or an emergency reset function (secured by multi-sig or time locks) that can recover from a stuck flow. This would allow the contract to exit an incomplete flow without compromising funds.
Lead Judging Commences
Suppositions
There is no real proof, concrete root cause, specific impact, or enough details in those submissions. Examples include: "It could happen" without specifying when, "If this impossible case happens," "Unexpected behavior," etc. Make a Proof of Concept (PoC) using external functions and realistic parameters. Do not test only the internal function where you think you found something.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.