QuantAMM

49,600 OP
Submission Details
Severity: low
Invalid

The `setApprovedActionsForPool` function of the `UpdateWeightRunner` contract does not validate the `_actions` value it assigns to a pool.

Summary

`UpdateWeightRunner::setApprovedActionsForPool` should, according to this submission, only accept values from the set [1, 2, 8, 16, 32]; currently it accepts any `uint256`, including values outside that set.

Vulnerability Details

The pool can be set to an action value that allows it to perform every action in the contract.

The approvedPoolActions values are bitwise ANDed with the MASK values [1, 2, 8, 16, 32] to check which actions the pool is approved for.

For example, if a pool's action value is set to 31, the pool passes four of the five mask checks at once, because:
31 = 00011111 in binary
31 & 1 = 1 (non-zero)
31 & 2 = 2 (non-zero)
31 & 8 = 8 (non-zero)
31 & 16 = 16 (non-zero)
31 & 32 = 0 (the 32 action is not granted; a value of 63, 00111111 in binary, would pass all five checks)
Note also that bit 4 is set in 31 but corresponds to no mask, so it is silently ignored rather than rejected.

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/UpdateWeightRunner.sol#L227

Impact

An incorrect action value could allow the pool to perform more actions than intended or even all the actions in the contract, potentially leading to unauthorized behavior or vulnerabilities in the protocol.

Tools Used

Manual Review

Recommendations

function setApprovedActionsForPool(address _pool, uint256 _actions) external {
    require(msg.sender == quantammAdmin, "ONLYADMIN");
+   require(
+       _actions == 1 || _actions == 2 || _actions == 8 || _actions == 16 || _actions == 32,
+       "Unauthorized action given"
+   );
    approvedPoolActions[_pool] = _actions;
    emit SetApprovedActionsForPool(msg.sender, _pool, _actions);
}
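To make the bitmask arithmetic above concrete, the following is an added Python model of the check; it is not code from the QuantAMM repository or from the original submission. It uses the mask values named on the page (1, 2, 8, 16, 32); the action labels, the `ALL_KNOWN` constant and the function names are assumptions introduced here. Alongside the single-value check proposed in the recommendation, it shows an alternative subset check, `_actions & ~ALL_KNOWN == 0`, which rejects undefined bits such as 4 while still allowing combined values. Because the masks are single-bit flags, a combined value is the ordinary way to grant a pool several actions at once, so the single-value require is a design change rather than a strict bug fix.

```python
"""Added example (not QuantAMM code): model of the approvedPoolActions bitmask check.

Mask values 1, 2, 8, 16 and 32 are taken from the submission; the labels are
hypothetical and only serve to make the output readable.
"""

# Hypothetical labels for the five masks named on the page.
MASKS = {1: "mask_1", 2: "mask_2", 8: "mask_8", 16: "mask_16", 32: "mask_32"}

# Union of every defined mask: 1|2|8|16|32 = 59 = 0b111011. Bit 4 (0b100) is
# NOT a defined mask, so any value with bit 4 set carries an undefined bit.
ALL_KNOWN = 0
for _m in MASKS:
    ALL_KNOWN |= _m


def is_approved(approved_actions: int, mask: int) -> bool:
    """Mirror of the contract-style check: approvedPoolActions[pool] & MASK > 0."""
    return approved_actions & mask > 0


def granted_actions(approved_actions: int) -> list[int]:
    """Return the defined masks that a given approvedPoolActions value satisfies."""
    return [m for m in MASKS if is_approved(approved_actions, m)]


def undefined_bits(approved_actions: int) -> int:
    """Bits set in the value that match no defined mask (silently ignored by the checks)."""
    return approved_actions & ~ALL_KNOWN


def single_flag_only(actions: int) -> bool:
    """The submission's proposed require: exactly one defined mask, no combinations."""
    return actions in MASKS


def subset_of_known(actions: int) -> bool:
    """Alternative check: allow combinations but reject undefined bits
    (Solidity equivalent: require(_actions & ~ALL_KNOWN == 0))."""
    return undefined_bits(actions) == 0


def describe(actions: int) -> dict:
    """Summarise how one candidate value behaves under each check."""
    return {
        "value": actions,
        "binary": format(actions, "06b"),
        "granted": granted_actions(actions),
        "undefined_bits": undefined_bits(actions),
        "single_flag_only": single_flag_only(actions),
        "subset_of_known": subset_of_known(actions),
    }


if __name__ == "__main__":
    # Constructed sample values: the page's 31, the all-flags value 63,
    # the exact union 59, a single valid flag and the undefined bit 4.
    for v in (31, 63, 59, 8, 4):
        print(describe(v))
```

Running the block shows that 31 grants masks 1, 2, 8 and 16 but not 32, that 63 and 59 grant all five, and that 4 passes none of the defined checks yet would be accepted by the unmodified setter; only 8 passes the single-value require from the recommendation, whereas 59 passes the subset check and 31 and 4 fail it because of the undefined bit.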
Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
