QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: high

Valid

`_calculateQuantAMMVariance` will fail if numberOfAssets is odd and lambda is a vector

sunnykitten143

Summary

Function _calculateQuantAMMVariance will fail if numberOfAssets is odd and lambda is a vector.

Vulnerability Details

The function _calculateQuantAMMVariance is implemented as follows:

if (_poolParameters.lambda.length == 1) {

//scalar parameters mean the calculation is simplified and even if it increases function and

//contract size it decrease gas computed given iterative design tests

if (locals.notDivisibleByTwo) {

unchecked {

--locals.nMinusOne;

}

for (uint i; i < locals.nMinusOne; ) {

// ...

}

// ...

} else {

//vector parameter calculation is the same but we have to keep track of and access the right vector parameter

// @@audit: forget to --locals.nMinusOne

for (uint i; i < locals.nMinusOne; ) {

// ...

}

if (locals.notDivisibleByTwo) {

unchecked {

++locals.nMinusOne;

locals.convertedLambda = int256(_poolParameters.lambda[locals.nMinusOne]); // will fail

locals.oneMinusLambda = ONE - locals.convertedLambda;

}

The key issue here is that when lambda is a scalar and numberOfAssets is an odd number, --locals.nMinusOne; is executed, but when lambda is a vector, this logic is missed. Finally, after ++locals.nMinusOne;, the access to _poolParameters.lambda[locals.nMinusOne] will be failed(out of index), causing function to be reverted.

Impact

Function _calculateQuantAMMVariance will fail.

Tools Used

None

Recommendations

Put the logic of --locals.nMinusOne; at the beginning of the function.

if (locals.notDivisibleByTwo) {

unchecked {

--locals.nMinusOne;

}

if (_poolParameters.lambda.length == 1) {

// ...

} else {

// ...

}

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_calculateQuantAMMVariance_revert_when_vector_lambda_and_odd_asset_number

Likelihood: Medium/High, odd asset number + lambda is a vector. Impact: Medium/High, DoS the update.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!