ctf_sec
high
Redeem on GMX can be blocked because of cooldown duration limit on redeem and unstake on GMX side
In the current integration, the code integrate with the GMX reward router integrate with 4 methods:
/// @notice mintAndStakeGlpETH(uint256 _minUsdg,uint256 _minGlp)
bytes4 constant mintAndStakeGlpETH = 0x53a8aa03;
/// @notice mintAndStakeGlp(address _token,uint256 _amount,uint256 _minUsdg,uint256 _minGlp)
bytes4 constant mintAndStakeGlp = 0x364e2311;
/// @notice unstakeAndRedeemGlp(address _tokenOut,uint256 _glpAmount,uint256 _minOut,address _receiver)
bytes4 constant unstakeAndRedeemGlp = 0x0f3aa554;
/// @notice unstakeAndRedeemGlpETH(uint256,uint256,address)
bytes4 constant unstakeAndRedeemGlpETH = 0xabb5e5e2;However, according to the documentation of the GMX:
https://gmxio.gitbook.io/gmx/contracts#transferring-staked-glp
Since there is a 15 min cooldown duration after minting GLP,
The 'GlpManager' contract of GMX has a 'cooldownDuration' limit on redeem/unstake ('_removeLiquidity()'). While there is at least one deposit/stake ('_addLiquidity()') operation in the past 'cooldownDuration' time, redemption would fail. Obviously this limitation is user-based, and 'PirexGmx' contract is one such user.
Current setting of 'cooldownDuration' is 15 minutes, the max value is 2 days.Due to this limit, a user can keep deposit and mint for 1 WEI and block deposit.
UnStakeAndRedeem function can be blocked because of the GMX cooldown period.
Manual Review
We canCall function should not only check if the signature match but also should check if the last deposit timestamp to make sure no malicious user keep calling the stake with small amount to block redeem function.