QuantAMM

49,600 OP
Submission Details
Severity: medium
Valid

The `updateWeightRunner` contract has two pairs of functions with the same implementation and functionality. [`setQuantAMMSwapFeeTake` -- `setQuantAMMUpliftFeeTake`] and [`getQuantAMMSwapFeeTake` -- `getQuantAMMUpliftFeeTake`]

Summary

The `updateWeightRunner` contract has two pairs of functions, [`setQuantAMMSwapFeeTake` -- `setQuantAMMUpliftFeeTake`] and [`getQuantAMMSwapFeeTake` -- `getQuantAMMUpliftFeeTake`], with exactly the same functionality.

Vulnerability Details

Pair 1 [`setQuantAMMSwapFeeTake` -- `setQuantAMMUpliftFeeTake`] have the same implementation: both update the same `quantAMMSwapFeeTake` variable, but the function names and the events they emit differ.

```solidity
// @> pair 1
function setQuantAMMSwapFeeTake(uint256 _quantAMMSwapFeeTake) external override {
    require(msg.sender == quantammAdmin, "ONLYADMIN");
    require(_quantAMMSwapFeeTake <= 1e18, "Swap fee must be less than 100%");
    uint256 oldSwapFee = quantAMMSwapFeeTake;
    quantAMMSwapFeeTake = _quantAMMSwapFeeTake;
    emit SwapFeeTakeSet(oldSwapFee, _quantAMMSwapFeeTake);
}

/// @notice Set the quantAMM uplift fee % amount allocated to the protocol for running costs
/// @param _quantAMMUpliftFeeTake The new uplift fee % amount allocated to the protocol for running costs
// @> pair 1
function setQuantAMMUpliftFeeTake(uint256 _quantAMMUpliftFeeTake) external {
    require(msg.sender == quantammAdmin, "ONLYADMIN");
    require(_quantAMMUpliftFeeTake <= 1e18, "Uplift fee must be less than 100%");
    uint256 oldSwapFee = quantAMMSwapFeeTake;
    quantAMMSwapFeeTake = _quantAMMUpliftFeeTake;
    emit UpliftFeeTakeSet(oldSwapFee, _quantAMMUpliftFeeTake);
}
```

Pair 2 [`getQuantAMMSwapFeeTake` -- `getQuantAMMUpliftFeeTake`] have different names but return the same variable, `quantAMMSwapFeeTake`.

```solidity
// @> pair 2
function getQuantAMMSwapFeeTake() external view override returns (uint256) {
    return quantAMMSwapFeeTake;
}

/// @notice Get the quantAMM uplift fee % amount allocated to the protocol for running costs
// @> pair 2
function getQuantAMMUpliftFeeTake() external view returns (uint256) {
    return quantAMMSwapFeeTake;
}
```

Impact

  1. If the other function in each pair performs different work, the impact will be critical, as a major functionality could be missing from the contract.

  2. If both functions perform the same work with no additional functionality, it can still confuse the user or caller, and cause ambiguity with the emitted events, leading to potential issues in understanding the contract's behavior.

Tools Used

Manual review

Recommendations

  1. If the function in each pair is redundant, remove one of the functions from each pair to reduce unnecessary complexity and avoid confusion.

  2. If both functions in a pair have different work, implement the missing functionality in the other function as needed, ensuring both functions contribute to the intended behavior of the contract without redundancy.
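
A static check for the pattern this finding describes, added here as an example (it is not part of the submission or of the QuantAMM code base): it flags functions that write or return the same state variable, and those whose name disagrees with the variable they touch. `SOURCE` is constructed from the functions quoted above with the `require` lines omitted; `find_aliased_accessors` and its regexes are hypothetical helpers and a simplification, not a Solidity parser.

```python
import re
from collections import defaultdict

# Constructed sample: the four functions from the finding, require() lines omitted.
SOURCE = '''
function setQuantAMMSwapFeeTake(uint256 _quantAMMSwapFeeTake) external override {
    uint256 oldSwapFee = quantAMMSwapFeeTake;
    quantAMMSwapFeeTake = _quantAMMSwapFeeTake;
    emit SwapFeeTakeSet(oldSwapFee, _quantAMMSwapFeeTake);
}
function setQuantAMMUpliftFeeTake(uint256 _quantAMMUpliftFeeTake) external {
    uint256 oldSwapFee = quantAMMSwapFeeTake;
    quantAMMSwapFeeTake = _quantAMMUpliftFeeTake;
    emit UpliftFeeTakeSet(oldSwapFee, _quantAMMUpliftFeeTake);
}
function getQuantAMMSwapFeeTake() external view override returns (uint256) {
    return quantAMMSwapFeeTake;
}
function getQuantAMMUpliftFeeTake() external view returns (uint256) {
    return quantAMMSwapFeeTake;
}
'''

# Assumption: every function closes with "}" in column 0 and bodies are indented.
FUNC = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)[^{]*\{(.*?)\n\}", re.S)
WRITE = re.compile(r"^[ \t]*(\w+)[ \t]*=(?!=)", re.M)  # bare "name = ..." statement
RETURN = re.compile(r"\breturn\s+(\w+)\s*;")           # "return name;"

def find_aliased_accessors(source):
    """Return (shared, mismatched): variables written or returned by more than one
    function, and the functions whose set/get name differs from that variable."""
    groups = defaultdict(list)
    for name, params, body in FUNC.findall(source):
        local = {p.split()[-1] for p in params.split(",") if p.strip()}
        for kind, pattern in (("write", WRITE), ("return", RETURN)):
            for var in pattern.findall(body):
                if var not in local:  # parameters are not contract state
                    groups[(kind, var)].append(name)
    shared = {key: fns for key, fns in groups.items() if len(fns) > 1}
    mismatched = sorted(fn for (_, var), fns in shared.items() for fn in fns
                        if re.sub(r"^(set|get)", "", fn).lower() != var.lower())
    return shared, mismatched

if __name__ == "__main__":
    for item in find_aliased_accessors(SOURCE):
        print(item)
```
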

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_quantAMMSwapFeeTake==quantAMMUplfitFeeTake

Likelihood: High, calling setters or getters. Impact: Low/Medium, both getters return `quantAMMSwapFeeTake` and `setQuantAMMUpliftFeeTake` modifies `quantAMMUplfitFeeTake`. Real impact: those 2 values will always be the same.
