0xAmanda - Uncalculated gas while swapping tokens will make the keeper lose funds on withdrawals
Closed this issue · 0 comments
0xAmanda
high
Uncalculated gas while swapping tokens will make the keeper lose funds on withdrawals
Summary
While calculating the gas that is estimated for withdrawals, it does not calculate also the gas of the swapPath for none of both tokens, long and short. Those paths are addresses from the struct CreateWithdrawalParams used for creating a withdrawal.
Vulnerability Detail
The following struct is used with creating a withdrawal order:
struct CreateWithdrawalParams {
address receiver;
address callbackContract;
address market;
address[] longTokenSwapPath;
address[] shortTokenSwapPath;
uint256 marketTokenAmount;
uint256 minLongTokenAmount;
uint256 minShortTokenAmount;
bool shouldUnwrapNativeToken;
uint256 executionFee;
uint256 callbackGasLimit;
}
The following 2 params:
address[] longTokenSwapPath;
address[] shortTokenSwapPath;
are not accounted in the calculation of the gas to execute the tx.
Calculation using the withdrawal request:
uint256 estimatedGasLimit = GasUtils.estimateExecuteWithdrawalGasLimit(dataStore, withdrawal);
As you can see in the previous snippets, there is no calculation or whatsoever of the gas that will cost swapping the tokens through the previously inputted paths. Specially if the path is long, the gas used for swapping will compound charging the keeper because they were unexpected costs. These gas will be deducted directly from the contract, draining it slowly due to the missed calculation
Impact
High. The contract (the keeper)will be charged the gas that is not accounted for those swapPaths, draining the contracts native currency slowly.
Code Snippet
Tool used
Manual Review
Recommendation
Add a gas calculation for the swapPaths of both, the long and short token. Consider calculating that amount taking into account the lenght of each path, because that will increase/decrease the gas costs.
Duplicate of #195