M-15. GMXVault can stop working if GMX changes `Keys.MAX_CALLBACK_GAS_LIMIT` to less than 2 million

Submitted by rvierdiiev, inzinko, 0xffchain. Selected submission by: rvierdiiev.

Keys.MAX_CALLBACK_GAS_LIMIT is a configurable parameter in the GMX protocol and can be changed to a value smaller than 2 million. Because the callback gas limit is hardcoded in Steadefi, deposits and withdrawals can fail.

Vulnerability Details

The GMXWorker library is used to send requests directly to the GMX protocol. It contains the addLiquidity and removeLiquidity functions, which create a request on GMX and then wait for execution. Both functions set 2 million gas as callbackGasLimit.
When a deposit or withdrawal request is handled on the GMX side, callbackGasLimit is validated to be no bigger than the allowed maximum. The Keys.MAX_CALLBACK_GAS_LIMIT value is configurable and can be changed by the GMX team. If it is set to less than 2 million, all deposit and withdrawal requests from Steadefi will revert.
I leave this as medium severity, because the callback limit has to be decreased first in order to create problems.


Deposits and withdrawals from Steadefi will be blocked.


Make callbackGasLimit configurable.
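
One way to implement this recommendation, as an added example that is not Steadefi's or GMX's own code. The contract name, the `IDataStoreLike` interface, the key derivation and the owner check are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

// Assumption: minimal view of a GMX-style key/value store, not GMX's own interface file.
interface IDataStoreLike {
    function getUint(bytes32 key) external view returns (uint256);
}

// Hypothetical sketch: the callback gas limit lives in storage instead of a constant.
contract CallbackGasConfig {
    // Assumption: key derivation modelled on how Keys.MAX_CALLBACK_GAS_LIMIT is defined.
    bytes32 public constant MAX_CALLBACK_GAS_LIMIT_KEY =
        keccak256(abi.encode("MAX_CALLBACK_GAS_LIMIT"));

    address public immutable owner;
    IDataStoreLike public immutable dataStore;
    uint256 public callbackGasLimit = 2_000_000; // the value the report describes as hardcoded

    event CallbackGasLimitUpdated(uint256 oldLimit, uint256 newLimit);
    error NotOwner();
    error ZeroLimit();
    error AboveProtocolMax(uint256 requested, uint256 max);

    constructor(IDataStoreLike _dataStore) {
        owner = msg.sender;
        dataStore = _dataStore;
    }

    // Lets the owner follow a change of the protocol maximum without redeploying.
    function updateCallbackGasLimit(uint256 newLimit) external {
        if (msg.sender != owner) revert NotOwner();
        if (newLimit == 0) revert ZeroLimit();
        uint256 max = dataStore.getUint(MAX_CALLBACK_GAS_LIMIT_KEY);
        if (newLimit > max) revert AboveProtocolMax(newLimit, max);
        emit CallbackGasLimitUpdated(callbackGasLimit, newLimit);
        callbackGasLimit = newLimit;
    }

    // Value to pass as callbackGasLimit when building addLiquidity/removeLiquidity requests.
    // Clamped to the current maximum so a request is never rejected for exceeding it.
    function effectiveCallbackGasLimit() public view returns (uint256) {
        uint256 max = dataStore.getUint(MAX_CALLBACK_GAS_LIMIT_KEY);
        return callbackGasLimit > max ? max : callbackGasLimit;
    }
}
```

Clamping keeps requests from reverting at creation, but a maximum set below what the vault's callbacks actually consume would still make the callbacks run out of gas, so the `CallbackGasLimitUpdated` event and the protocol maximum are worth monitoring.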