QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

Deposit limit discrepancy

Summary

In the UpliftOnlyExample.sol contract, a comment states that the user is restricted to 100 deposits:

// The user is restricted to 100 deposits to avoid Ddos issues.

However, the code allows users to deposit 101 times, which differs from the comment and documentation.

Vulnerability Details

In the addLiquidityProportional() function:

    function addLiquidityProportional(
        address pool,
        uint256[] memory maxAmountsIn,
        uint256 exactBptAmountOut,
        bool wethIsEth,
        bytes memory userData
    ) external payable saveSender(msg.sender) returns (uint256[] memory amountsIn) {
        // Deposit-count check discussed in this finding.
        if (poolsFeeData[pool][msg.sender].length > 100) {
            revert TooManyDeposits(pool, msg.sender);
        }
        // ... (remainder of the function omitted in this excerpt)
    }

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L226-L228

The if() condition reverts only when the user's current number of deposits is greater than 100.

Consider this scenario:

  • Alice already has 100 deposits.
  • She deposits once more.
  • The if() condition checks whether she has more than 100 deposits.
  • Because the count is exactly 100, the revert condition is not met and the function does not revert.
  • Alice now has 101 deposits.
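
The scenario above can be reproduced with a small boundary probe. This is an added example, not code from the QuantAMM repository: DepositCapModel, BoundaryProbe, MAX_DEPOSITS and the 0xBEEF pool address are constructed for illustration, and the model assumes, as the scenario does, that the new entry is pushed after the length check. Calling maxAccepted(false) returns 101 and maxAccepted(true) returns 100.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Constructed model of the check-then-push pattern; not the QuantAMM contract.
contract DepositCapModel {
    error TooManyDeposits(address pool, address user);

    // Hypothetical constant name; the code on the page uses the literal 100.
    uint256 public constant MAX_DEPOSITS = 100;
    // pool => user => one entry per deposit (stand-in for poolsFeeData).
    mapping(address => mapping(address => uint256[])) internal deposits;

    /// Check as written on the page: reverts only once the length exceeds the cap.
    function depositStrict(address pool) external {
        if (deposits[pool][msg.sender].length > MAX_DEPOSITS) {
            revert TooManyDeposits(pool, msg.sender);
        }
        deposits[pool][msg.sender].push(block.timestamp);
    }

    /// Check as recommended: reverts once the length has reached the cap.
    function depositInclusive(address pool) external {
        if (deposits[pool][msg.sender].length >= MAX_DEPOSITS) {
            revert TooManyDeposits(pool, msg.sender);
        }
        deposits[pool][msg.sender].push(block.timestamp);
    }

    function count(address pool, address user) external view returns (uint256) {
        return deposits[pool][user].length;
    }
}

/// Deposits until the model reverts, then reports how many deposits were accepted.
contract BoundaryProbe {
    function maxAccepted(bool inclusive) external returns (uint256) {
        DepositCapModel m = new DepositCapModel();
        address pool = address(0xBEEF); // constructed placeholder pool address
        for (uint256 i = 0; i < 200; i++) {
            if (inclusive) {
                try m.depositInclusive(pool) {} catch { break; }
            } else {
                try m.depositStrict(pool) {} catch { break; }
            }
        }
        return m.count(pool, address(this));
    }
}
```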

Impact

The code's behavior differs from the code comment and documentation.

Tools Used

Manual Review

Recommendations

- if (poolsFeeData[pool][msg.sender].length > 100) {
+ if (poolsFeeData[pool][msg.sender].length >= 100) {
revert TooManyDeposits(pool, msg.sender);
}
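
Review bot: the cap in the changed condition is still the bare literal 100, duplicated from the source comment, which is how the check and the comment drifted apart. Consider a named constant (for example a hypothetical MAX_DEPOSITS_PER_USER) referenced by both the check and the comment, and add a boundary test asserting that the 100th deposit succeeds and the 101st reverts with TooManyDeposits. The >= comparison is only correct because this check runs before the new entry is added to poolsFeeData[pool][msg.sender], so the comment should say that as well.
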
Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_Uplift_101_deposit_strict_equal

Only 1 more NFT won’t have any impact. Informational.