float-audits - Incorrect parameter ordering in function call

[sherlock-admin]

float-audits

high

Incorrect parameter ordering in function call

Summary

The ordering of parameters in function call made in updateTotalBorrowing() in PositionUtils.sol is incorrect.

Vulnerability Detail

The function call of updateTotalBorrowing() in PositionUtils.sol has a different parameter ordering to the one defined in the actual function being called in MarketUtils.sol.

More specifically, params.position.borrowingFactor() and params.position.sizeInUsd() are swapped around.

Impact

Updating the total borrowing function with incorrect parameter values would upset the internal accounting of the system and would result in loss of user funds.

Code Snippet

Loc:

• PositionUtils.sol: https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/position/PositionUtils.sol#L460-L474
• MarketUtils.sol: https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/market/MarketUtils.sol#L1773-L1793

In PositionUtils.sol

function updateTotalBorrowing(
    PositionUtils.UpdatePositionParams memory params,
    uint256 nextPositionSizeInUsd,
    uint256 nextPositionBorrowingFactor
) internal {
    MarketUtils.updateTotalBorrowing(
        params.contracts.dataStore,
        params.market.marketToken,
        params.position.isLong(),
        params.position.borrowingFactor(),
        params.position.sizeInUsd(),
        nextPositionSizeInUsd,
        nextPositionBorrowingFactor
    );
}

In MarketUtils.sol

function updateTotalBorrowing(
    DataStore dataStore,
    address market,
    bool isLong,
    uint256 prevPositionSizeInUsd,
    uint256 prevPositionBorrowingFactor,
    uint256 nextPositionSizeInUsd,
    uint256 nextPositionBorrowingFactor
) external {
    uint256 totalBorrowing = getNextTotalBorrowing(
        dataStore,
        market,
        isLong,
        prevPositionSizeInUsd,
        prevPositionBorrowingFactor,
        nextPositionSizeInUsd,
        nextPositionBorrowingFactor
    );

    setTotalBorrowing(dataStore, market, isLong, totalBorrowing);
}

Tool used

Manual Review

Recommendation

Correct the ordering of parameters in function call made in PositionUtils.sol so that it aligns to that defined in the function signature in MarketUtils.sol

[xvi10]

Fix in gmx-io/gmx-synthetics@3508caf