M-17. If a withdrawal fails, processWithdrawFailure decreases the exchange rate of GMXVault shares

Submitted by rvierdiiev.

If a user has executed a withdrawal and it was not accepted by Steadefi, processWithdrawFailure puts the withdrawn amount back into GMX and loses on slippage, while the user still has the same shares amount.

Vulnerability Details

When a user withdraws, they provide a shares amount, and the corresponding lpAmt to be withdrawn from GMX is calculated. If the withdrawal then fails, for example because the user is not happy with the amount received after the withdrawal, the call reverts and the system moves to the Withdraw_Failed state. Note that in this case the user's shares are not burnt, as that is done only when the withdrawal has succeeded.
So what do we have now? The withdrawal was executed with some slippage, so total assets have decreased a bit. Next, the processWithdrawFailure function is called, which deposits back all received funds, and we face some slippage again. But the user still has the same shares amount. As a result, funds were lost on two actions with slippage, which means that all stakers of GMXVault took a loss.


Stakers of the pool take a loss in case of failed withdrawals.

It may be better to burn shares even when deposit has failed and then recalculate the shares amount after liquidity is added back to GMX.
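
The share-price effect described under Vulnerability Details, next to the burn-and-recalculate alternative, as an added numeric model (not part of the original submission and not Steadefi's code). The class `ToyVault`, the staker names, the 1% slippage per GMX action and the re-mint at the pre-withdrawal rate are assumptions made for illustration.

```python
from fractions import Fraction

class ToyVault:
    """Constructed model: shares are pro-rata claims on one pool of LP tokens."""

    def __init__(self, balances, lp_total, slippage_bps):
        self.balances = dict(balances)              # staker -> shares
        self.lp = Fraction(lp_total)                # LP tokens held on GMX
        self.slip = Fraction(slippage_bps, 10_000)  # assumed loss per GMX action

    def total_shares(self):
        return sum(self.balances.values())

    def rate(self):
        return self.lp / self.total_shares()        # LP per share

    def value_of(self, user):
        return self.balances[user] * self.rate()

    def _remove_then_readd(self, lp_amt):
        # Withdrawal executes (slippage), fails the after-check, and the
        # proceeds are deposited back (slippage again).
        self.lp -= lp_amt
        back = lp_amt * (1 - self.slip) * (1 - self.slip)
        self.lp += back
        return back

    def fail_keep_shares(self, user, shares):
        # Behaviour the finding describes: shares are never burnt.
        self._remove_then_readd(self.lp * shares / self.total_shares())

    def fail_burn_and_remint(self, user, shares):
        # Assumed reading of the recommendation: burn first, then mint
        # shares only for what actually came back, at the old rate.
        rate_before = self.rate()
        lp_amt = self.lp * shares / self.total_shares()
        self.balances[user] -= shares
        self.balances[user] += self._remove_then_readd(lp_amt) / rate_before

def compare(slippage_bps=100):
    # Returns (rate, alice's value, bob's value) for each handling.
    out = {}
    for name in ("fail_keep_shares", "fail_burn_and_remint"):
        v = ToyVault({"alice": 100, "bob": 900}, 1000, slippage_bps)
        getattr(v, name)("alice", 100)
        out[name] = (v.rate(), v.value_of("alice"), v.value_of("bob"))
    return out
```

With shares kept, the double slippage is spread over every staker in proportion to their holdings; with burn and re-mint, the exchange rate is unchanged and only the withdrawing user's position shrinks.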