Callback function may fail even with valid callback handler addresses
Summary
The call back functions- afterOrderExecution and afterOrderCancellation uses the modifier validCallback to check if the caller is a valid call back handler. The issue here is that there could be more than one valid handler for each role, and more so, new version of handlers could be deployed.
Vulnerability Details
The GMX documentation states that ...it is also possible for two handlers to temporarily exist at the same time, e.g. OrderHandler(1), OrderHandler(2)... However, the modifier validCallback only checked for only one address for each of the role.
Impact
Callback functions will fail, which is part of the core functionality of the entire Gamma protocol.
Tools Used
Manual review
Recommendations
Create an updateHandler function to include future valid handlers or use the recommendation from GMX: a possible solution would be to validate the role of the msg.sender in the RoleStore, e.g. RoleStore.hasRole(msg.sender, Role.CONTROLLER), this would check that the msg.sender is a valid handler
Lead Judging Commences
finding_multiple_orderHandler_not_allowed_by_proxy
Likelihood: Low, when multiple orderHandler exist at the same time. Impact: High, some orders won’t trigger `afterOrderExecution` when they should, until the migration is complete. Leading to DoS and no share minted. Deploying a new proxy won’t change anything during all the “migration” since you cannot know which handler will respond.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.