logo
Steadefi Documentation
/
Security
/
Audits
/
Codehawks Public Audit Mitigation Report

L-19. Some tokens may cause `GMXEmergency:emergencyWithdraw` to revert if the withdrawn amount is 0

Submitted by mmm, dipp. Selected submission by: dipp.

Relevant GitHub Links

https://github.com/Cyfrin/2023-10-SteadeFi/blob/main/contracts/strategy/gmx/GMXEmergency.sol#L162-L202

Summary

Tokens that don't allow 0 amount transfers could cause GMXEmergency:emergencyWithdraw to misbehave.

Vulnerability Details

When the vault is closed users may call emergencyWithdraw to withdraw a portion of tokenA/B from the vault based on their share balance.
If one of the tokens is a token that does not allow 0 amount transfers and the balance of the token in the vault is small enough to make amount to be withdrawn == 0 then emergencyWithdraw may revert and prevent the user from withdrawing.
Tokens may be sent to the vault directly so that the withdraw amount is more than 0 but unless the user is the last to withdraw, the tokens sent are shared among other users that hold shares.

Impact

Users may be unable to withdraw or need to send tokens to the vault and lose a portion of it so that withdrawing becomes possible.

Tools Used

Recommendations

Consider checking that the amount to withdraw is > 0 before attempting to transfer the tokens.
M-28. Users may cost additional interest
M-05. Emergency Closed Vault Can Be Paused Then Resume
Powered by Notaku
Share
Content
L-19. Some tokens may cause `GMXEmergency:emergencyWithdraw` to revert if the withdrawn amount is 0
Relevant GitHub Links
Summary
Vulnerability Details
Impact
Tools Used
Recommendations