Skip to content
This repository was archived by the owner on Sep 24, 2023. It is now read-only.

023.md

Latest commit

 

History

History
25 lines (16 loc) · 897 Bytes

023.md

File metadata and controls

25 lines (16 loc) · 897 Bytes

bearonbike

high

Excess native token could be locked forever

Summary

In ExchangeRouter.sendWnt function, excess native token could be locked in the contract.

Vulnerability Detail

In ExchangeRouter.sendWnt function, msg.value could greater than the amount of native token that user want to deposit in Wnt contract, since there is not function for return funds, excess native token could be locked in the contract forever.

Impact

Funds could be locked forever, so i think it is a high severity vulnerability.

Code Snippet

https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/router/ExchangeRouter.sol#L94-L97 https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/token/TokenUtils.sol#L88-L105

Tool used

Manual Review

Recommendation

Return excess native token to sender or use msg.value instead of "amount" parameter.