IllIllI - Insufficient funding fee rounding protection

[sherlock-admin]

IllIllI

medium

Insufficient funding fee rounding protection

Summary

Since funding fees may be small when there isn't much price movement, the code has a feature to keep track of partial amounts when the chargeable fee rounds down to zero. This isn't enough when the fee is 1.X times the minimum value.

Vulnerability Detail

If the funding fee is 0.9, the code correctly stores it until the fee is greater than one. If the funding fee is 1.9, the code ignores the 0.9 part. If 0.9 was enough of a fee to track in the first case, it should also be large enough for the second case.

Impact

Funding fees are not fully paid when they should be, which may cause liquidations down the line, or less profit than there should be.

Code Snippet

The code accounts for the special case of the amount rounding down to zero when the factor is applied, but doesn't account for fractional amounts when the amount is greater than one:

// File: gmx-synthetics/contracts/market/MarketUtils.sol : MarketUtils.getFundingFeeAmount()   #1

1237        function getFundingFeeAmount(
1238            int256 latestFundingAmountPerSize,
1239            int256 positionFundingAmountPerSize,
1240            uint256 positionSizeInUsd
1241        ) internal pure returns (bool, int256) {
1242            int256 fundingDiffFactor = (latestFundingAmountPerSize - positionFundingAmountPerSize);
1243            int256 amount = Precision.applyFactor(positionSizeInUsd, fundingDiffFactor);
1244    
1245 @>         return (fundingDiffFactor != 0 && amount == 0, amount);
1246:       }

https://github.com/sherlock-audit/2023-02-gmx/blob/main/gmx-synthetics/contracts/market/MarketUtils.sol#L1237-L1246

Tool used

Manual Review

Recommendation

Track fractional amounts even when the amount is not equal to zero

[xvi10]

Fix in https://github.com/gmx-io/gmx-synthetics/pull/115