Reliance on tx.gasprice for Execution Fee Calculations
GmxProxy.sol
Observation:
In both createOrder and settle, the execution fee is computed as the product of the estimated gas limit (obtained via getExecutionGasLimit) and tx.gasprice. Under EIP‑1559 and in volatile gas price environments, tx.gasprice can be manipulated or may not accurately reflect the actual fee dynamics (e.g. base fee versus priority fee).
Issue Path:
Relying solely on tx.gasprice may cause significant miscalculations in the required execution fee. If the fee is undercharged, the protocol might later encounter insufficient funds to cover the order’s execution; if overcharged, it may result in excess funds being locked or unnecessarily refunded. Over many orders, such discrepancies can erode fairness and may even be exploited if an attacker can influence gas price dynamics around order creation.
Recommendation:
Incorporate a fee calculation method that accounts for the EIP‑1559 fee mechanism—differentiating between base fee and priority fee—or use an on‑chain oracle for gas price reference. This would ensure that the calculated execution fee more accurately reflects the cost of execution under current network conditions.
Lead Judging Commences
invalid_tx-gasprice_user_manipulation
If the sender does not provide enough, the transaction to create the order won't be included in the current block: no problem. If the user provides more, they will pay more: user mistake. Moreover, the `refundFee` is set to `true` only when the keeper is the caller, preventing manipulation.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.