DeFiFoundry
50,000 USDC
Submission Details
Severity: low
Invalid

Incorrect Price Conversion

Summary

The contract KeeperProxy has a vulnerability in the _check function where it incorrectly converts token prices due to an error in the calculation of the price conversion factor.

Vulnerability Details

In the _check function, the contract attempts to convert the token price to match the 8 decimal places used by Chainlink price feeds. The conversion is done using the following line:

price = price / 10 ** (decimals - 8);

However, this calculation is incorrect. For example, if a token has 18 decimals, the decimals variable would be 30 - 18 = 12. The conversion then becomes:

price = price / 10 ** (12 - 8) = price / 10 ** 4

For a price of 1e30, the converted price would be 1e26 instead of the correct 1e8.

Impact

The incorrect price conversion can lead to significant discrepancies between the actual token price and the price used for validation. This can cause the contract to incorrectly validate prices, potentially leading to incorrect execution of keeper functions, financial losses, or other unintended behaviors.

Tools Used

Manual Review

Recommendations

To fix this issue, the price conversion should be corrected to properly account for the token's decimals. The correct conversion should be:

price = price / 1e22;

Ensure that the calculation correctly adjusts the price to match the 8 decimal places used by Chainlink price feeds.

Updates

Lead Judging Commences

n0kto Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid_prices_decimals

GMX GitHub documentation: “Prices stored within the Oracle contract represent the price of one unit of the token using a value with 30 decimals of precision. Representing the prices in this way allows for conversions between token amounts and fiat values to be simplified, e.g. to calculate the fiat value of a given number of tokens the calculation would just be: token amount * oracle price, to calculate the token amount for a fiat value it would be: fiat value / oracle price.” Sponsor confirmed the keeper does the same, so price decimals change as a function of the token, to be sure the above rule is true. Example for USDC (6 decimals): Prices will have 24 decimals → 1e6 * 1e24 = 1e30. Just a reminder for some submissions: shortToken == collateralTokens, so the decimals is 1e24 for shortToken prices.
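The decimals rule quoted in the judge's comment, worked through with exact integers as an added example. This is not code from KeeperProxy or GMX; the token prices are constructed sample values and the function names are hypothetical.

```python
# Added illustration; not KeeperProxy or GMX source code.
GMX_PRECISION = 30      # token amount * oracle price carries 30 decimals
FEED_DECIMALS = 8       # Chainlink feed precision named in the submission

# Constructed sample data: (label, token decimals, USD price with 8 decimals).
SAMPLES = [
    ("18-decimal token at $2,000", 18, 2_000 * 10**8),
    ("USDC (6 decimals) at $1", 6, 1 * 10**8),
    ("8-decimal token at $60,000", 8, 60_000 * 10**8),
]


def price_decimals(token_decimals: int) -> int:
    """Decimals of a stored price: 30 minus the token's own decimals."""
    d = GMX_PRECISION - token_decimals
    if d < FEED_DECIMALS:
        # 10 ** (d - 8) would need a negative exponent; rejected in this sketch.
        raise ValueError("token has more than 22 decimals")
    return d


def gmx_price(feed_price: int, token_decimals: int) -> int:
    """Scale an 8-decimal feed price up to the 30-decimal convention."""
    return feed_price * 10 ** (price_decimals(token_decimals) - FEED_DECIMALS)


def per_token_conversion(price: int, token_decimals: int) -> int:
    """price / 10 ** (decimals - 8), with decimals = 30 - token decimals."""
    return price // 10 ** (price_decimals(token_decimals) - FEED_DECIMALS)


def fixed_conversion(price: int) -> int:
    """The submission's recommended constant divisor, price / 1e22."""
    return price // 10**22


def compare():
    """Return (label, feed price, per-token result, fixed-divisor result)."""
    rows = []
    for label, token_decimals, feed_price in SAMPLES:
        stored = gmx_price(feed_price, token_decimals)
        # One whole token times its stored price is the USD value at 1e30.
        assert 10**token_decimals * stored == feed_price * 10**22
        rows.append((label, feed_price,
                     per_token_conversion(stored, token_decimals),
                     fixed_conversion(stored)))
    return rows


if __name__ == "__main__":
    for row in compare():
        print(row)
```

The constant divisor would only recover the feed price if every stored price had a flat 30 decimals, which is not the convention the judge's comment describes.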
