while creating deposit, fee can be deducted in wrong manner if initialToken is not final token
Summary
while creating deposit, fee can be deducted in wrong manner if initialToken is not final token
Vulnerability Detail
if (market.longToken == wnt) {
initialLongTokenAmount -= params.executionFee;
} else if (market.shortToken == wnt) {
initialShortTokenAmount -= params.executionFee;
here, there is implied assumption that longToken == initialLongTokenAmount which is not always true, they might be completly different tokens and have different decimals
hack3r-0m
high
while creating deposit, fee can be deducted in wrong manner if initialToken is not final token
Summary
while creating deposit, fee can be deducted in wrong manner if initialToken is not final token
Vulnerability Detail
here, there is implied assumption that
longToken==initialLongTokenAmountwhich is not always true, they might be completly different tokens and have different decimalsImpact
wrong amount of execution fee deducted
Code Snippet
https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/deposit/ExecuteDepositUtils.sol#L392
Tool used
Manual Review
Recommendation
convert to WNT or deduct fee after swap takes place
Duplicate of #205