PerpetualVault.sol
Observation:
When the vault is in a “closed” state (no active GMX position), the contract creates a MarketPrices variable without explicitly initializing its fields before passing it into functions like _mint or _withdraw.
Risk:
While the current logic might not directly use these uninitialized values (because of the branch on positionIsClosed), any future change or subtle refactoring could inadvertently access uninitialized fields, leading to miscalculations. An attacker with knowledge of the code might try to force a code path where these uninitialized values are used, thereby causing an exploitable mispricing or unexpected behavior.
Recommendation:
Even in branches where the price data is “not needed,” it is safer to explicitly initialize the struct—either by fetching real-time data from a trusted source or by defining sensible default values.
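The behaviour discussed in this finding, as an added sketch that is not code from PerpetualVault.sol or from the submission: a Solidity memory struct that is declared but never assigned is zero-filled, so the question is whether any branch reads those zeros. The struct layout, the `positionValue` helper and its parameters are assumptions made for illustration only.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; names below are hypothetical, not the vault's own code.
contract ZeroPriceGuardSketch {
    // Simplified stand-in for a MarketPrices struct; field names are assumptions.
    struct PriceRange { uint256 min; uint256 max; }
    struct MarketPrices {
        PriceRange indexTokenPrice;
        PriceRange longTokenPrice;
        PriceRange shortTokenPrice;
    }

    error PricesNotSet();

    // A memory struct that is declared but never assigned is zero-filled,
    // so "uninitialized" here means every price field reads as 0.
    function declaredOnly() public pure returns (MarketPrices memory prices) {
        return prices;
    }

    // True if any price bound is still at its default value of 0.
    function hasZeroField(MarketPrices memory p) public pure returns (bool) {
        return p.indexTokenPrice.min == 0 || p.indexTokenPrice.max == 0
            || p.longTokenPrice.min == 0 || p.longTokenPrice.max == 0
            || p.shortTokenPrice.min == 0 || p.shortTokenPrice.max == 0;
    }

    // Hypothetical valuation helper (units are illustrative). The guard sits
    // on the only branch that reads prices, so a zero-filled struct reverts
    // there instead of silently valuing an open position at 0.
    function positionValue(
        bool positionIsClosed,
        uint256 idleCollateral,
        uint256 positionSizeInTokens,
        MarketPrices memory prices
    ) public pure returns (uint256) {
        if (positionIsClosed) {
            // Closed branch: prices are never read, so zeros are harmless here.
            return idleCollateral;
        }
        if (hasZeroField(prices)) revert PricesNotSet();
        return idleCollateral + positionSizeInTokens * prices.indexTokenPrice.min;
    }
}
```

Calling `positionValue(true, c, s, declaredOnly())` returns `c`, while the same call with `positionIsClosed` set to `false` reverts with `PricesNotSet`.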
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.