QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

Potential data loss: unchecked array length in `_calculateQuantAMMMovingAverage` could silently omit provided data

Summary

Input validation gap in `_calculateQuantAMMMovingAverage` allows mismatched array lengths: `_newData.length` can exceed `_numberOfAssets`, and the extra entries are never read.

Impact

The function is only callable by `updateWeightRunner`, which limits this to an admin-error scenario. It could lead to unintended data omission if the admin provides mismatched arrays.

PoC:

Add `exposedCalculateQuantAMMMovingAverage` in pkg/pool-quantamm/contracts/mock/mockRules/MockUpdateRule.sol:

    // Thin public wrapper so the internal function can be called from a test
    function exposedCalculateQuantAMMMovingAverage(
        int256[] memory _prevMovingAverage,
        int256[] memory _newData,
        int128[] memory _lambda,
        uint _numberOfAssets
    ) public pure returns (int256[] memory) {
        return _calculateQuantAMMMovingAverage(_prevMovingAverage, _newData, _lambda, _numberOfAssets);
    }

Then add `testMismatchedArrayLengthsPoC` in pkg/pool-quantamm/test/foundry/rules/UpdateRule.t.sol and run the test ;)

    function testMismatchedArrayLengthsPoC() public {
        uint NUM_ASSETS = 2;
        // Fixtures sized to NUM_ASSETS (constructed here so the test is
        // self-contained; the test file's own fixtures serve equally well)
        int256[] memory prevMovingAverage = new int256[](NUM_ASSETS);
        prevMovingAverage[0] = 1e18;
        prevMovingAverage[1] = 1e18;
        int128[] memory lambda = new int128[](NUM_ASSETS);
        lambda[0] = 0.9e18;
        lambda[1] = 0.9e18;
        // Three data points for a two-asset call: the third is never read
        int256[] memory newData = new int256[](3);
        newData[0] = 2e18;
        newData[1] = 2e18;
        newData[2] = 9999e18; // Ignored silently
        updateRule.exposedCalculateQuantAMMMovingAverage(
            prevMovingAverage,
            newData,
            lambda,
            NUM_ASSETS
        );
    }

Recommendation

Add explicit validation:

require(_newData.length == _numberOfAssets, "Invalid data length");
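
To make the failure mode concrete, the following is an added sketch (not the QuantAMM code base's own implementation) of a moving-average loop bounded by `_numberOfAssets`, beside a hardened version that validates every array it indexes. The update formula, the `ONE` constant and the library name are assumptions; the hardened version also goes beyond the recommendation above by checking `_prevMovingAverage` and `_lambda`, since a mismatch on those arrays is equally unchecked.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Illustrative sketch (assumed, not QuantAMM's implementation): an
/// exponentially weighted moving average over `_numberOfAssets` entries,
/// with all values in 18-decimal fixed point.
library MovingAverageSketch {
    int256 internal constant ONE = 1e18;

    /// Unchecked variant: the loop runs `_numberOfAssets` times, so any
    /// element of `_newData` beyond that index is never read. A shorter
    /// `_newData` reverts with an index-out-of-bounds panic; a longer one
    /// is silently truncated, which is the behaviour reported above.
    function movingAverageNoChecks(
        int256[] memory _prevMovingAverage,
        int256[] memory _newData,
        int128[] memory _lambda,
        uint256 _numberOfAssets
    ) internal pure returns (int256[] memory out) {
        out = new int256[](_numberOfAssets);
        for (uint256 i = 0; i < _numberOfAssets; ++i) {
            int256 lambda = int256(_lambda[i]);
            // Assumed update rule: lambda * prev + (1 - lambda) * new
            out[i] = (lambda * _prevMovingAverage[i] + (ONE - lambda) * _newData[i]) / ONE;
        }
    }

    /// Hardened variant: every array the loop indexes must hold exactly
    /// `_numberOfAssets` entries, so a caller-side mismatch reverts with a
    /// clear reason instead of dropping data or panicking mid-loop.
    function movingAverageChecked(
        int256[] memory _prevMovingAverage,
        int256[] memory _newData,
        int128[] memory _lambda,
        uint256 _numberOfAssets
    ) internal pure returns (int256[] memory) {
        require(_newData.length == _numberOfAssets, "Invalid data length");
        require(_prevMovingAverage.length == _numberOfAssets, "Invalid prev length");
        require(_lambda.length == _numberOfAssets, "Invalid lambda length");
        return movingAverageNoChecks(_prevMovingAverage, _newData, _lambda, _numberOfAssets);
    }
}
```

Calling `movingAverageChecked` with the three-element `newData` from the PoC reverts with "Invalid data length", whereas `movingAverageNoChecks` returns two averages and discards the third value without any signal.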

Updates

Lead Judging Commences

n0kto Lead Judge 5 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc.) to prove your point.
