This report identifies a Denial of Service (DoS) vulnerability in the setWeights function of the QuantAMM contract. The issue arises from a mismatch in the length check for _weights between the _setInitialWeights and setWeights functions. This discrepancy prevents legitimate updates to weights and can lock the QuantAMM administrator out of performing critical updates.
In the _setInitialWeights function, the InputHelpers.ensureInputLengthMatch function enforces _weights.length == _totalTokens. This ensures that the _weights array matches the total number of tokens during initialization.
In the setWeights function, there is a requirement that _weights.length == _totalTokens * 2. This is inconsistent with the initialization logic, as _weights.length was initially set to _totalTokens.
This check will always fail because _weights.length was never designed to be twice the _totalTokens during initialization. Consequently, the setWeights function cannot proceed.
An administrator attempting to update weights using setWeights will encounter the require statement failure. Since _weights.length cannot satisfy the condition _totalTokens * 2, the function will revert, effectively locking the ability to update weigh
This issue causes a Denial of Service (DoS) for the QuantAMM administrator or authorized parties attempting to call the setWeights function. Without the ability to update weights, the pool parameters cannot be adjusted, potentially leading to financial losses or operational inefficiencies for the protocol.
Manual review
Update the setWeights function to match the initialization logic. Replace:
with: