0xAmanda - Incorrect calculation of the value in the pool
Closed this issue · 0 comments
0xAmanda
medium
Incorrect calculation of the value in the pool
Summary
On the way to calculate the entire pool value, GMX is including the fees that the user that borrows funds has to pay to the address in feeReceiver in the pool value
Vulnerability Detail
The specific line where this happens is:
cache.value += Precision.applyFactor(cache.totalBorrowingFees, cache.borrowingFeeReceiverFactor);
As you can see, they add the borrowing fees to the cache.value (pool value basically). To specify, those borrowing fees are distributed between the feeReceiver and the pool, therefore here shows better that the fees that will go to feeReceiver, shouldn't be accounted inside pool value.
Impact
Incorrectly handles the real balance from the pool because those funds do not really belong to the pool.
Therefore it affects the accounting while depositing and withdrawing:
Code Snippet
Tool used
Manual Review
Recommendation
Make a distinction between the borrowing fees that go to the pool and the ones that go to feeReceiver, therefore only accounting the fees that will go to the pool as pool value
Duplicate of #131