L-19. Some tokens may cause `GMXEmergency:emergencyWithdraw` to revert if the withdrawn amount is 0

Submitted by mmm, dipp. Selected submission by: dipp.

Relevant GitHub Links


Tokens that don't allow 0 amount transfers could cause GMXEmergency:emergencyWithdraw to misbehave.

Vulnerability Details

When the vault is closed users may call emergencyWithdraw to withdraw a portion of tokenA/B from the vault based on their share balance.
If one of the tokens is a token that does not allow 0 amount transfers and the balance of the token in the vault is small enough to make amount to be withdrawn == 0 then emergencyWithdraw may revert and prevent the user from withdrawing.
Tokens may be sent to the vault directly so that the withdraw amount is more than 0 but unless the user is the last to withdraw, the tokens sent are shared among other users that hold shares.


Users may be unable to withdraw or need to send tokens to the vault and lose a portion of it so that withdrawing becomes possible.

Tools Used


Consider checking that the amount to withdraw is > 0 before attempting to transfer the tokens.