QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

The oracle may return a stale price, causing losses for the protocol.

Summary

The function UpdateWeightRunner::_getData() retrieves price data from the oracles and returns it for the weight-update calculation. In an edge case, however, this function can return a null value, i.e. a price of 0.

Vulnerability Details

The function UpdateWeightRunner::_getData() loops through all the oracles of a token. If every oracle returns a stale price, the function reverts.

However, if only one oracle is present for a token, the price returned can be 0 (a null value).

Consider the function UpdateWeightRunner::_getData():

  • If the optimized oracle returns a stale price, the function attempts to fetch the price from the backup oracles stored in the mapping poolBackupOracles[_pool][i][j].

  • When only a single oracle (the optimized oracle) is stored, numAssetOracles = poolBackupOracles[_pool][i].length is 1. The backup loop therefore never executes, because its condition j < numAssetOracles evaluates to 1 < 1, which is false, and no revert is reached.

The problematic code section:

outputData[i] = oracleResult.data; //@audit In this case `oracleResult.data` still holds the stale (null) value.

As a result:

  • outputData[i] stores the stale result.

  • This stale price is then used to calculate the weights.

  • Consequently, the weights are calculated incorrectly.

Impact

Calculating the weights from a stale price leads to incorrect weights, which can affect the overall functionality of the protocol.

Tools Used

Manual review.

Recommendations

Add checks to handle the case where only one oracle is present. Specifically:

  • Ensure the function verifies that the price is fresh and non-zero before using it in the weight calculation, independently of whether any backup oracle exists.
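The control-flow argument in the Vulnerability Details section and the check proposed above, as an added example that is not part of the original submission or of the QuantAMM code base. It is a Python model of the oracle-fallback loop, not the Solidity function: the oracle list, the `OracleResult` shape, the freshness rule and the `STALENESS_THRESHOLD` value are all assumptions made for illustration. The model reproduces the reported behaviour (a lone stale or zero-valued primary oracle is passed through because the backup loop, which starts at index 1, never runs) and shows the recommended post-loop check beside it.

```python
from dataclasses import dataclass
from typing import Callable, List

# Constructed freshness window; the real protocol's threshold is not on the page.
STALENESS_THRESHOLD = 3600  # seconds


@dataclass
class OracleResult:
    data: int        # price; 0 models the "null value" of an empty/stale response
    timestamp: int   # observation time of the price


class StalePriceError(Exception):
    """Models a revert when no usable price is available."""


def is_fresh(result: OracleResult, now: int) -> bool:
    """A price is usable only if it is non-zero and within the staleness window."""
    return result.data != 0 and now - result.timestamp <= STALENESS_THRESHOLD


def get_data_vulnerable(pool_oracles: List[List[OracleResult]], now: int) -> List[int]:
    """Model of the loop described in the report.

    pool_oracles[i] stands for poolBackupOracles[_pool][i]; index 0 is the
    optimized oracle, indices 1.. are the backups. The revert only lives inside
    the backup loop, so with a single oracle the stale value falls through.
    """
    output = []
    for asset_oracles in pool_oracles:
        result = asset_oracles[0]
        num_asset_oracles = len(asset_oracles)
        if not is_fresh(result, now):
            # With num_asset_oracles == 1 the range is empty: 1 < 1 is false,
            # so neither a backup lookup nor the revert below is reached.
            for j in range(1, num_asset_oracles):
                result = asset_oracles[j]
                if is_fresh(result, now):
                    break
                if j == num_asset_oracles - 1:
                    raise StalePriceError("all oracles stale")
        output.append(result.data)  # stale/zero data reaches the weight update
    return output


def get_data_hardened(pool_oracles: List[List[OracleResult]], now: int) -> List[int]:
    """Same fallback logic plus the recommended check after the loop."""
    output = []
    for asset_oracles in pool_oracles:
        result = asset_oracles[0]
        if not is_fresh(result, now):
            for backup in asset_oracles[1:]:
                result = backup
                if is_fresh(result, now):
                    break
        # Independent of how many oracles exist: never hand a stale or zero
        # price to the weight calculation.
        if not is_fresh(result, now):
            raise StalePriceError("no fresh non-zero price available")
        output.append(result.data)
    return output


def reverts(fn: Callable, pool_oracles: List[List[OracleResult]], now: int) -> bool:
    """True if the modelled function reverts for this oracle configuration."""
    try:
        fn(pool_oracles, now)
        return False
    except StalePriceError:
        return True


if __name__ == "__main__":
    NOW = 10_000
    fresh = OracleResult(data=2_000, timestamp=NOW - 60)
    stale = OracleResult(data=1_900, timestamp=NOW - 7_200)
    zero = OracleResult(data=0, timestamp=0)
    # Constructed scenario: token 0 has a backup, token 1 has only the optimized oracle.
    print(get_data_vulnerable([[stale, fresh], [zero]], NOW))   # zero price passes through
    print(reverts(get_data_hardened, [[stale, fresh], [zero]], NOW))  # hardened version reverts
```

Running the module prints `[2000, 0]` for the vulnerable model, i.e. a zero price for the single-oracle token, while the hardened model reverts for the same input and only differs from the original when the final price is unusable.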

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement

Appeal created

nikhil20 Submitter 10 months ago

n0kto Lead Judge 10 months ago
n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
Assigned finding tags:

invalid_stale_price_when_no_backup_oracles_set

Cyfrin audit: 7.2.4 Stale Oracle prices accepted when no backup oracles available
