Relevant GitHub Links
Summary
When a particular user deposit, if it is a case of executing processDepositCancellation after failing to add mobility. But the GMX callback is delayed for a period of time, during which the interest on the borrowed money will be borne by the user already in the vault, which is clearly unfair.
Vulnerability Details
When the processDepositCancellation function is executed, the repayment amounts are borrowTokenAAmt and borrowTokenBAmt. However, if there is a large delay in the GMX callback and more interest has been incurred, this interest is borne by the user in the vault. This situation, if it happens from time to time, accumulates to be a loss for the borrowing user.
plain textfunction processDepositCancellation( GMXTypes.Store storage self ) external { GMXChecks.beforeProcessDepositCancellationChecks(self); // Repay borrowed assets GMXManager.repay( self, self.depositCache.borrowParams.borrowTokenAAmt, self.depositCache.borrowParams.borrowTokenBAmt );
The same applies to other cases where repayment is made after borrowing but there may be delays during the period.
Impact
Users who borrow may pay more in interest.
Tools Used
manual