QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Miscalculation of the required array length for storing the covariance matrix in the contract of QuantammCovarianceBasedRule.sol

eta

Summary

The _setIntermediateCovariance function, responsible for initializing or updating the covariance matrix of a pool, aims to optimize gas usage by storing only the unique elements of a symmetric matrix. However, the implementation incorrectly calculates the required array length, leading to insufficient storage space or not gas optimization. This error can cause incomplete initialization, runtime errors, or inaccurate calculations during operations.

Vulnerability Details

The current implementation attempts to calculate the storage requirements for the covariance matrix as follows:

pkg/pool-quantamm/contracts/rules/base/QuantammCovarianceBasedRule.sol

function _setIntermediateCovariance(

address _poolAddress,

int256[][] memory _initialValues,

uint _numberOfAssets

) internal {

...

if ((_numberOfAssets * _numberOfAssets) % 2 == 0) {

intermediateCovarianceStates[_poolAddress] = new int256[]() / 2);

} else {

intermediateCovarianceStates[_poolAddress] = new int256[]() - 1) / 2 + 1);

}

...

The logic assumes halving the total matrix size for optimization. However, this approach miscalculates the storage length for unique covariance elements.

For a covariance matrix with n assets, the correct number of unique elements (including diagonal variances) is given by:

In contrast, the implementation uses:

This error results in insufficient array space for initialization.

Additionally, if only non-duplicated covariance elements are required, the correct length should be:

This optimized formula further reduces gas consumption by omitting redundant entries.

Impact

Incomplete Matrix Initialization
- Insufficient storage space leads to missing covariance elements during initialization.
Operational Failures
- Subsequent calculations dependent on the full covariance matrix may fail, breaking contract functionality.
Inaccurate Results
- Missing elements can cause incorrect outputs in computations involving the covariance matrix.
Gas Inefficiency
- Incorrectly allocated storage wastes gas and increases operational costs.

Tools Used

Manual Review

Recommendations

To address the issue, adjust the array length calculation based on the required storage type:

Store All Covariance Elements
Use the formula for storing all unique elements of the matrix:

uint256 requiredLength = (_numberOfAssets * (_numberOfAssets + 1)) / 2;
intermediateCovarianceStates[_poolAddress] = new int256[]();
Store Only Non-Duplicated Covariance Elements
If diagonal elements and symmetry are accounted for elsewhere, optimize gas usage by storing only non-duplicated covariance values:

uint256 requiredLength = (_numberOfAssets * (_numberOfAssets - 1)) / 2;
intermediateCovarianceStates[_poolAddress] = new int256[]();

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!