M-28. Users may cost additional interest

Submitted by Drynooo.

Relevant GitHub Links


When a particular user deposit, if it is a case of executing processDepositCancellation after failing to add mobility. But the GMX callback is delayed for a period of time, during which the interest on the borrowed money will be borne by the user already in the vault, which is clearly unfair.

Vulnerability Details

When the processDepositCancellation function is executed, the repayment amounts are borrowTokenAAmt and borrowTokenBAmt. However, if there is a large delay in the GMX callback and more interest has been incurred, this interest is borne by the user in the vault. This situation, if it happens from time to time, accumulates to be a loss for the borrowing user.
plain text
function processDepositCancellation( GMXTypes.Store storage self ) external { GMXChecks.beforeProcessDepositCancellationChecks(self); // Repay borrowed assets GMXManager.repay( self, self.depositCache.borrowParams.borrowTokenAAmt, self.depositCache.borrowParams.borrowTokenBAmt );
The same applies to other cases where repayment is made after borrowing but there may be delays during the period.


Users who borrow may pay more in interest.

Tools Used