QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

`setWeights` - Missing `updateInterval` Check Could Lead to Excessive Weight Calculation

bladesec

Title

setWeights - Missing updateInterval Check Could Lead to Excessive Weight Calculation

Summary

The setWeights function lacks a check for the updateInterval, which is typically used to enforce a minimum time gap between successive updates.
Hence, weight updates can be executed repeatedly within a short timeframe, potentially jumping excessively.

Vulnerability Details

The absence of an updateInterval check allows the setWeights function to be called multiple times without time restrictions.
This opens the possibility for rapid, unintended, or excessive updates, which could disrupt the pool's operation.

Here's the implementation of setWeights function:

function setWeights(

int256[] calldata _weights,

address _poolAddress,

uint40 _lastInterpolationTimePossible

) external override {

require(msg.sender == address(updateWeightRunner), "ONLYUPDW");

require(_weights.length == _totalTokens * 2, "WLDL"); //weight length different

if (_weights.length > 8) {

int256[][] memory splitWeights = _splitWeightAndMultipliers(_weights);

_normalizedFirstFourWeights = quantAMMPack32Array(splitWeights[0])[0];

_normalizedSecondFourWeights = quantAMMPack32Array(splitWeights[1])[0];

} else {

_normalizedFirstFourWeights = quantAMMPack32Array(_weights)[0];

}

//struct allows one SSTORE

poolSettings.quantAMMBaseInterpolationDetails = QuantAMMBaseInterpolationVariables({

lastPossibleInterpolationTime: _lastInterpolationTimePossible,

lastUpdateIntervalTime: uint40(block.timestamp)

});

emit WeightsUpdated(_poolAddress, _weights);

}

The code updates lastUpdateIntervalTime but does not validate whether a minimum time period has elapsed since the last update.

Impact

The lack of an updateInterval check can lead to:

Excessive updates: Spamming the function with repeated calls in a short time frame.
Increased gas costs: Unnecessary state changes add to operational inefficiency.
Potential instability: Rapid changes to weights could disrupt the pool's expected behavior.

Tools Used

Manual Review

Recommendations

Introduce a validation check to enforce the updateInterval. This will ensure that updates can only occur after the defined updateInterval, preventing excessive calls and maintaining efficient pool operations.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.