QuantAMM

Vulnerability Detail

The QuantAMMMathMovingAverage contract implements an exponential moving average calculation for price updates. The critical calculation occurs in _calculateQuantAMMMovingAverage():

The implementation uses fixed-point arithmetic with PRBMath's SD59x18, where values are scaled by 1e18. However, the order of operations in this calculation can lead to significant precision loss when dealing with large price values or extreme lambda parameters.

The issue arises because:

1. The subtraction _newData[i] - movingAverageI is performed first

2. This difference is then multiplied by oneMinusLambda

3. Finally, the result is added to movingAverageI

If _newData[i] and movingAverageI are large numbers, their difference might still be significant in absolute terms but could lose precision after the fixed-point multiplication with oneMinusLambda. This precision loss can be exploited by an attacker to manipulate the moving average in their favor.

For example:

• If _newData[i] = 1e24 (1,000,000 * 1e18)

• movingAverageI = 1e24 - 1e20

• oneMinusLambda = 0.1 * 1e18
  The calculation will lose significant digits in the multiplication step, potentially leading to an incorrect moving average.

Impact

Moving average calculations can be manipulated through precision loss, leading to incorrect price updates and potential economic attacks.

Recommendation

Restructure the calculation to minimize precision loss by rearranging the operations: