The `QuantAMMWeightedPool::setWeights` function lacks a check to ensure that the sum of weights equals `FixedPoint.ONE` (1e18).
Summary
The QuantAMMWeightedPool::setWeights function does not have a check to ensure that the sum of the manually set weights is equal to FixedPoint.ONE. And Also lack the absoluteWeightGuardRail check.
Vulnerability Details
The setWeightsManually function of updateWeightRunner sets the weights in the QuantAMMWeightedPool manually by calling the QuantAMMWeightedPool::setWeights.
Neither the QuantAMMWeightedPool::setWeights function nor the setWeightsManually function check that the sum of the weights is equal to FixedPoint.ONE (i.e., 1e18).
The documentation of the protocol suggests that the sum of the initial weights should total 1e18 (FixedPoint.ONE). However, this check is not implemented in the QuantAMMWeightedPool::setWeights or setWeightsManually functions.
And Also lack the absoluteWeightGuardRail check. As checked in _setInitialWeightsinternal function.
Impact
If the weights are set in a way that does not sum to FixedPoint.ONE (i.e., 1e18), it will cause calculation errors and unintended behavior in the protocol in the future.
Tools Used
Manual Review
Recommendations
Add the following to check the sum is equal to 1e18 (FixedPoint.ONE).
Lead Judging Commences
invalid_sum_of_weights_can_exceeds_one_no_guard
According the sponsor and my understanding, sum of weights does not have to be exactly 1 to work fine. So no real impact here. Please provide a PoC showing a realistic impact if you disagree. This PoC cannot contains negative weights because they will be guarded per clampWeights.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.