QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: medium
Invalid

Payment will always fail in the uplift only example contract

gbadebosmith

Summary

The payable functions addLiquidityProportional and removeLiquidityProportional fail to process Ether payments. The root cause is the absence of a receive() or fallback() function, which are required to accept Ether sent to the contract.

Vulnerability Details

Affected Functions
https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L219-L286

addLiquidityProportional
removeLiquidityProportional

Issue
These functions are declared as payable but do not have an associated receive() or fallback() function at the contract level. In Solidity, any Ether sent to a contract without these functions will revert the transaction. Consequently, attempts to use these functions with Ether will always fail.

Vulnerable Code

function addLiquidityProportional(
address pool,
uint256[] memory maxAmountsIn,
uint256 exactBptAmountOut,
bool wethIsEth,
bytes memory userData
) external payable returns (uint256[] memory amountsIn) {
// Function logic
}
function removeLiquidityProportional(
uint256 bptAmountIn,
uint256[] memory minAmountsOut,
bool wethIsEth,
address pool
) external payable returns (uint256[] memory amountsOut) {
// Function logic
}

Impact

Transactions involving Ether sent to addLiquidityProportional or removeLiquidityProportional will revert, preventing intended liquidity operations.

Tools Used

Manual code review.

Recommendations

Add the receive function to resolve this lack of fallback issue.

receive() external payable {}
Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!