computeBalance function, QuantAMMWeightedPool.sol
Summary
The computeBalance function contains an unchecked subtraction operation that may result in arithmetic underflow when multiplierTime is less than lastUpdateIntervalTime, leading to incorrect calculations and potential misbehavior.
Vulnerability Details
The function is not checking if multiplierTime is greater than or equal timeSinceLastUpdate.
Impact
Incorrect Calculations: Underflow results in wrong timeSinceLastUpdate, leading to inaccurate balance computations.
Disruption: The pool may calculate invalid balances.
Exploit Potential: Manipulated timestamps could cause unexpected pool behavior.
Tools Used
Manual review
Recommendations
Add a require statement to ensure multiplierTime >= lastUpdateIntervalTime before the unchecked block.
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.