QuantAMM
49,600 OP
Submission Details
Severity: low
Invalid

setWeights Allows Bypassing `absoluteWeightGuardRail` During Updates

Code Snippets

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMWeightedPool.sol#L653

Summary

The setWeights function in the QuantAMM contract lacks validation to ensure weights remain above the absoluteWeightGuardRail during updates, enabling invalid weights that can destabilize the pool and expose the protocol to exploits.

Vulnerability Details

While _setInitialWeights enforces a check to prevent weights below absoluteWeightGuardRail during initialization, the setWeights function has no such validation. This omission allows administrators to set weights below the threshold during updates initiated by the UpdateWeightRunner contract.

Relevant Code: _setInitialWeights enforces the minimum weight:

```solidity
for (uint i; i < _weights.length; ) {
    if (_weights[i] < int256(uint256(absoluteWeightGuardRail))) { // <-- minimum-weight check
        revert MinWeight();
    }
    unchecked { ++i; } // loop increment elided in the original excerpt
}
```

However, setWeights is missing similar validation. This allows weights below the threshold to be set during updates, bypassing protections enforced during initialization.

Impact

Invalid weights disrupt pool balance, impairing functionality and exposing the protocol to economic risks.

Tools Used

Manual Review

Recommendations

Add a check in setWeights to validate all weights against absoluteWeightGuardRail.
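As an added illustration (not QuantAMM's code, nor code from the submitter), the following contract shows the recommended shape: one guard-rail check shared by the initialisation and update paths, so that `setWeights` cannot install weights that `_setInitialWeights` would have rejected. The contract name, the `ONE`/`_weights` storage, the error names other than `MinWeight`, and the assumption that weights are 18-decimal `int256` values that must sum to one are all assumptions made for this example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative contract, not QuantAMM's own code. Assumptions: weights are
// int256 in 18-decimal fixed point and must sum to ONE; absoluteWeightGuardRail
// is a uint64 in the same scale giving the smallest weight any one token may hold.
contract GuardRailExample {
    int256 internal constant ONE = 1e18;
    uint64 public immutable absoluteWeightGuardRail;
    int256[] internal _weights;

    error EmptyWeights();
    error MinWeight();
    error MaxWeight();
    error WeightSum();

    constructor(uint64 guardRail) {
        absoluteWeightGuardRail = guardRail;
    }

    /// Shared check: every weight must lie in [guardRail, ONE - (n - 1) * guardRail]
    /// and all weights must sum to ONE. The upper bound follows from the lower one:
    /// if every other token holds the minimum, the remaining token holds at most
    /// what is left, so a single huge weight is rejected as well as a tiny one.
    function _checkGuardRail(int256[] memory weights) internal view {
        uint256 n = weights.length;
        if (n == 0) revert EmptyWeights();
        int256 lower = int256(uint256(absoluteWeightGuardRail));
        int256 upper = ONE - lower * int256(n - 1);
        int256 sum;
        for (uint256 i; i < n; ) {
            if (weights[i] < lower) revert MinWeight();
            if (weights[i] > upper) revert MaxWeight();
            sum += weights[i];
            unchecked { ++i; }
        }
        if (sum != ONE) revert WeightSum();
    }

    /// External wrapper so the check can be called through `this` (needed for try/catch).
    function checkGuardRail(int256[] memory weights) external view {
        _checkGuardRail(weights);
    }

    /// Non-reverting variant for pre-flight or off-chain use: true if the weights
    /// would be accepted, false if any bound or the sum check fails.
    function isWithinGuardRail(int256[] memory weights) external view returns (bool) {
        try this.checkGuardRail(weights) {
            return true;
        } catch {
            return false;
        }
    }

    /// Initialisation path: runs the shared check before writing storage.
    function setInitialWeights(int256[] calldata weights) external {
        _checkGuardRail(weights);
        _weights = weights;
    }

    /// Update path: the same check runs here, so an update cannot bypass the
    /// guard rail that initialisation enforces.
    function setWeights(int256[] calldata weights) external {
        _checkGuardRail(weights);
        _weights = weights;
    }

    function weights() external view returns (int256[] memory) {
        return _weights;
    }
}
```

With a guard rail of `0.05e18` and three tokens, the permitted range per weight is `[0.05e18, 0.90e18]`: the vector `[0.90e18, 0.05e18, 0.05e18]` passes, while `[0.95e18, 0.03e18, 0.02e18]` reverts with `MinWeight` on the second entry. Routing both `setInitialWeights` and `setWeights` through one internal function is the point of the example: a bound enforced in only one of two write paths is a bound that does not hold.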

Updates

Lead Judging Commences

n0kto Lead Judge 4 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid_weights_can_be_negative_or_extreme_values

_clampWeights will check that these weights are positive and in the boundaries before writing them in storage.
