Submitted by rvierdiiev.
Relevant GitHub Links
As protocol doesn't collect rewards from GMX in each function, these rewards can be sent to the user.
This is because protocol expects to receive rewards from GMX in form of these tokens. So amount is sent to the Trove function, so later it can be compounded.
The problem is that
withdraw functions are not the only entry point that can send these rewards to user. For example,
processDepositFailureLiquidityWithdrawal function will send whole balance to the user after repay is done.
Another example inside
processDepositCancellation function, in case if
depositParams.token is native, then whole balance is sent to user.
As after deposit or withdraw request was done, there is some delay, then during that delay rewards can come and they can be sent to the user.
Rewards are not sent to the Trove, but to the user.
I can't give good recommendation for all that cases, as GMXCallback is triggered by GMX and you can't know exactly which amount was sent. But for
processDepositCancellation function, you should not sent more than
self.depositCache.depositParams.amt. So do not withdraw whole balance, but that amount.