Closed github-actions[bot] closed 1 year ago
As suggested by the gmx tean the sell price of the glp token can be obtained by calling manager.getPrice(false), This is important since any liquidator liquidating an account will be receiving an equivalent amount of the underlying asset while selling glp. Also the PoC does not demonstrate any valid attack taking advantage of the mentioned issue.
Closing this issue based on Sponsor comment.
simon135
high
manager.getPrice(false)
returns lower value than if it was true,which an attacker can take advantage of itSummary
manager.getPrice(false)
returns a lower value than if it was true which is then a lower price that an attacker can take advantage of itVulnerability Detail
In the gmx docs:
Manual Review
Recommendation
return
getPrice(true)
or you can have a parm that specifies buying or selling and figure out the price that way