Relevant GitHub Links
Summary
If a user has executed a withdrawal and it was not accepted by Steadefi, processWithdrawFailure will put the withdrawn amount back into GMX and lose on slippage, while the user will still have the same shares amount.
Vulnerability Details
When a user withdraws, they provide a shares amount, and the appropriate lpAmt to be withdrawn from GMX is calculated. If that withdrawal then fails, for example because the user is not happy with the amount received after the withdrawal, the call reverts, which means that the system goes to the Withdraw_Failed state. Note that in this case the user's shares are not burnt, as that is done only when the withdrawal has succeeded.
So what do we have now? We have executed a withdrawal with some slippage, so our total assets have decreased a bit.
What will be done next? We will call the processWithdrawFailure function, which will deposit back all received funds, and we will again face some slippage. But the user will still have the same shares amount.
As a result, we have lost funds on 2 actions with slippage, which means that all stakers of GMXVault had a loss.
Impact
Stakers of the pool have a loss in case of failed withdrawals.
Tools Used
VS Code
Recommendations
Maybe it would be better to burn shares even when the deposit has failed and then recalculate the shares amount after liquidity is added back to GMX.
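The accounting described in this report, as a simplified model added here (not Steadefi's contract code), comparing the reported behaviour with the burn-and-recalculate recommendation. VaultModel, failed_withdraw, run_scenario, the balances and the 1% slippage are assumptions made for illustration, and withdrawn tokens are treated as LP-equivalent value.

```python
from fractions import Fraction as F

class VaultModel:
    """Simplified share accounting (hypothetical model, not the GMXVault code)."""
    def __init__(self, lp, shares):
        self.lp = F(lp)                       # LP held in GMX = total assets
        self.shares = {u: F(s) for u, s in shares.items()}

    def total_shares(self):
        return sum(self.shares.values(), F(0))

    def value_of(self, user):
        return self.shares[user] * self.lp / self.total_shares()

def failed_withdraw(vault, user, share_amt, slippage, burn_and_remint=False):
    """Remove liquidity, have the withdrawal rejected, re-add the funds.
    Returns the value lost to the two slippage events."""
    share_amt = F(share_amt)
    if not 0 < share_amt <= vault.shares[user]:
        raise ValueError("invalid share amount")
    lp_amt = share_amt * vault.lp / vault.total_shares()   # lpAmt for the shares
    vault.lp -= lp_amt
    received = lp_amt * (1 - slippage)        # slippage 1: leaving GMX
    if burn_and_remint:                       # recommendation: burn up front
        vault.shares[user] -= share_amt
    readded = received * (1 - slippage)       # slippage 2: processWithdrawFailure
    if burn_and_remint:
        # Re-mint at the price the remaining stakers hold; 1:1 if vault is empty.
        price_ok = vault.lp > 0 and vault.total_shares() > 0
        minted = readded * vault.total_shares() / vault.lp if price_ok else readded
        vault.shares[user] += minted
    vault.lp += readded
    return lp_amt - readded

def run_scenario(burn_and_remint):
    # Constructed sample: two stakers with 500 shares each, 1000 LP, 1% slippage.
    vault = VaultModel(1000, {"alice": 500, "bob": 500})
    loss = failed_withdraw(vault, "alice", 200, F(1, 100), burn_and_remint)
    return {"loss": loss, "alice": vault.value_of("alice"),
            "bob": vault.value_of("bob"), "alice_shares": vault.shares["alice"]}

if __name__ == "__main__":
    for mode in (False, True):
        print("burn_and_remint =", mode,
              {k: float(v) for k, v in run_scenario(mode).items()})
```

With shares left untouched, the loss is split across both stakers in proportion to their shares; with burn and recalculation, the staker who did not withdraw keeps their full value and the withdrawing user absorbs both slippage events.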