QuantAMM

49,600 OP
Submission Details
Severity: medium
Invalid

Blacklisting Vulnerability

Summary

The QuantAMM protocol does not address the risks posed by tokens with blacklisting capabilities (e.g., USDC, USDT). If a token issuer blacklists a pool’s smart contract address, all interactions with that token (swaps, withdrawals, and deposits) are disrupted, leading to frozen funds and non-functional pools.

Vulnerability Details

Tokens with blacklisting functionality allow their issuers to freeze transactions involving specific blockchain addresses:

  • A token issuer (e.g., Circle for USDC) could blacklist the address of a pool's smart contract, freezing all USDC in the pool.

  • This would halt swaps, weight adjustments, and liquidity withdrawals involving USDC, effectively breaking the pool's functionality.

  • QuantAMM has no mechanism to detect that a pool address has been blacklisted, and no way to swap out a frozen token, so every pool holding such a token depends entirely on the issuer never acting against it.

Impact

Frozen Funds:

  • Liquidity providers (LPs) cannot withdraw their deposits involving the blacklisted token.

  • Example: If Circle blacklists a USDC-ETH pool, all USDC in the pool becomes inaccessible.

Protocol Downtime:

  • Pools containing the blacklisted token become non-functional.

  • Weight updates and swaps fail, disrupting the protocol’s core operations.

Cascading Failures:

  • A single blacklisted token in a multi-token pool could render the entire pool unusable.

Proof of Concept (PoC)

  1. Create a Pool:

    • A USDC-ETH pool is deployed with the following parameters:

      • Initial weights: 50% USDC, 50% ETH.

      • Swap fee: 0.3%.

    • Users interact with the pool as follows:

      • Alice deposits $1,000 USDC.

      • Bob deposits 1 ETH.

  2. Swapping and Liquidity Provisioning:

    • Users perform swaps and provide liquidity normally.

  3. USDC Issuer Blacklists the Pool Address:

    • Circle blacklists the pool's smart contract address.

    • All USDC in the pool becomes frozen and inaccessible.

Impact:

  • Failed Withdrawals:

    • Alice tries to withdraw her $1,000 in USDC but receives an error because the pool cannot transfer frozen USDC.

    • Alice’s funds are permanently locked.

  • Failed Swaps:

    • Bob tries to swap ETH for USDC, but the transaction fails because the pool's USDC is frozen.

  • Operational Disruption:

    • The pool cannot adjust weights or handle swaps, rendering it effectively broken.

Tools Used

Manual Code Review

Recommendations

For example, track a per-token blacklisting status together with a pre-approved replacement token, and swap the frozen asset out once the admin flags it. The sketch below gives the pool-side functions; the state variables, events and `_findTokenIndex` helper are the declarations those functions need in order to compile and should be wired into the pool's existing storage:

import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";

address public quantammAdmin;
IERC20[] public assets;
mapping(address => address) public replacementToken; // blacklisted token => approved stand-in
mapping(address => mapping(address => bool)) public isBlacklistedByToken; // token => pool => status

event TokenPoolBlacklisted(address indexed token, address indexed pool);
event TokenPoolUnblacklisted(address indexed token, address indexed pool);
event TokenReplaced(address indexed oldToken, address indexed newToken);

// Admin-only hook to flag (or clear) an issuer blacklist of this pool for `token`
function handleTokenBlacklist(address token, bool status) external {
    require(msg.sender == quantammAdmin, "ONLYADMIN");
    isBlacklistedByToken[token][address(this)] = status;
    if (status) {
        emit TokenPoolBlacklisted(token, address(this));
        _replaceBlacklistedToken(token);
    } else {
        emit TokenPoolUnblacklisted(token, address(this));
    }
}

function _replaceBlacklistedToken(address token) internal {
    address replacement = replacementToken[token];
    require(replacement != address(0), "Replacement not set");
    // Find the index of the blacklisted token
    uint256 index = _findTokenIndex(token);
    require(index < assets.length, "Token not found in pool");
    // Replace the token
    assets[index] = IERC20(replacement);
    // Adjust weights accordingly to maintain invariants
    _adjustWeightsOnReplacement(index, token, replacement);
    emit TokenReplaced(token, replacement);
}

// Returns assets.length when `token` is not in the pool, so the caller's bound check fails cleanly
function _findTokenIndex(address token) internal view returns (uint256) {
    for (uint256 i = 0; i < assets.length; i++) {
        if (address(assets[i]) == token) return i;
    }
    return assets.length;
}

function _adjustWeightsOnReplacement(uint256 index, address oldToken, address newToken) internal {
    //...
}

Incorporate a pausing mechanism to halt all pool operations if a critical blacklisting event occurs, preventing further disruptions.
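As an added illustration of the detection and pausing side (not part of this submission or of the QuantAMM code base), the guard below probes each asset for the issuer blacklist view that USDC-style tokens expose and pauses the pool when its own address turns up frozen; the contract names, the `isBlacklisted()` interface assumption and the mock token are mine.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Issuer-blacklist view exposed by USDC-style tokens (many tokens do not implement it).
interface IBlacklistable {
    function isBlacklisted(address account) external view returns (bool);
}

// Constructed mock of a blacklistable ERC-20: transfers touching a frozen address revert.
// The real token restricts blacklist() to the issuer; the mock leaves it open for brevity.
contract MockBlacklistableToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public isBlacklisted;
    function mint(address to, uint256 amount) external { balanceOf[to] += amount; }
    function blacklist(address account, bool status) external { isBlacklisted[account] = status; }
    function transfer(address to, uint256 amount) external returns (bool) {
        require(!isBlacklisted[msg.sender] && !isBlacklisted[to], "blacklisted");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hypothetical pool-side guard: detect that the pool address itself has been frozen and pause.
contract FrozenAssetGuard {
    address[] public assets;
    bool public paused;
    event PoolFrozenByIssuer(address indexed token);
    constructor(address[] memory _assets) { assets = _assets; }

    // First asset whose issuer has blacklisted this pool, or address(0). Token contracts
    // without isBlacklisted() revert on the unknown selector, which catch treats as not frozen.
    function frozenAsset() public view returns (address) {
        for (uint256 i = 0; i < assets.length; i++) {
            try IBlacklistable(assets[i]).isBlacklisted(address(this)) returns (bool frozen) {
                if (frozen) return assets[i];
            } catch {}
        }
        return address(0);
    }

    // Keeper-callable and non-reverting so the paused flag persists; a revert in the same
    // transaction would roll it back.
    function pauseIfFrozen() external {
        address frozen = frozenAsset();
        if (frozen != address(0) && !paused) { paused = true; emit PoolFrozenByIssuer(frozen); }
    }

    // Guard for swap and withdraw paths: fails fast with a clear reason, not a bare token revert.
    modifier whenOperational() {
        require(!paused && frozenAsset() == address(0), "pool frozen by token issuer");
        _;
    }
}
```

Deploy the mock, pass its address to FrozenAssetGuard, call `blacklist(guardAddress, true)` on the mock, and `frozenAsset()` returns the token while `pauseIfFrozen()` flips `paused` and emits the event.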

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Out of scope
