Summary

In the onSwap function the variables.lastUpdateIntervalTime is a variable that stores the timestamp of the last update to the interpolation logic for token weight. The onSwap function does not update variables.lastUpdateIntervalTime after executing a swap.

• Over time, the omission can lead to stale data because:

  • The function will continue to use an outdated lastUpdateIntervalTime, leading to incorrect calculations for timeSinceLastUpdate.

Vulnerability Details

Example Scenario

1. Initial State:

• The last update was at timestamp T0.

• A user performs a swap at timestamp T1, but the function does not update variables.lastUpdateIntervalTime.

1. Subsequent Swaps:

• The next swap occurs at timestamp T2.

• The elapsed time is incorrectly calculated as (T2 - T0) instead of (T2 - T1) because lastUpdateIntervalTime was not updated after the first swap.

• The Interpolation logic calculates token weights based on incorrect elapsed time.

• The swap prices diverge from the intended behavior, leading to unfair trades.

Impact

1. Economic Inefficiency:

• Trades executed with stale weights result in mispriced swaps.

• Traders may receive more or fewer tokens than they should, creating imbalances.

1. Protocol Instability:

• Over time, stale weights can destabilize the pool, leading to reduced trust and participation.

1. Liquidity Provider Loss:

• LPs bear the cost of unfair trades due to incorrect weight calculations.

• This reduces their incentives to participate in the pool.

Tools Used

Manual review and testing

Recommendations

Update variables.lastUpdateIntervalTime after each swap