QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

The `updateWeightRunner::performUpdate` function has an unchecked return array inside the function.

saurabh_singh

Summary

The updateWeightRunner::performUpdate function do not handle return of an array data from _performUpdateAndGetData

Vulnerability Details

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/UpdateWeightRunner.sol#L293

There is an internal call to _performUpdateAndGetData inside the updateWeightRunner::performUpdate function, which returns a data array. However, the returned data is neither stored nor used, making the function inefficient and potentially missing important information.

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/UpdateWeightRunner.sol#L419

function _performUpdateAndGetData(

address _poolAddress,

PoolRuleSettings memory _ruleSettings

@>> ) private returns (int256[] memory) {

uint256[] memory currentWeightsUnsigned = IWeightedPool(_poolAddress).getNormalizedWeights();

int256[] memory currentWeights = new int256[]();

for (uint i; i < currentWeights.length; ) {

currentWeights[i] = int256(currentWeightsUnsigned[i]);

unchecked {

i++;

}

(int256[] memory updatedWeights, int256[] memory data) = _getUpdatedWeightsAndOracleData(

_poolAddress,

currentWeights,

_ruleSettings

);

_calculateMultiplerAndSetWeights(

CalculateMuliplierAndSetWeightsLocal({

currentWeights: currentWeights,

updatedWeights: updatedWeights,

updateInterval: int256(int40(_ruleSettings.timingSettings.updateInterval)),

absoluteWeightGuardRail18: int256(int64(_ruleSettings.absoluteWeightGuardRail)),

poolAddress: _poolAddress

})

);

@>> return data;

}

function performUpdate(address _pool) public {

//Main external access point to trigger an update

address rule = address(rules[_pool]);

require(rule != address(0), "Pool not registered");

PoolRuleSettings memory settings = poolRuleSettings[_pool];

require(

block.timestamp - settings.timingSettings.lastPoolUpdateRun >= settings.timingSettings.updateInterval,

"Update not allowed"

);

uint256 poolRegistryEntry = approvedPoolActions[_pool];

if (poolRegistryEntry & MASK_POOL_PERFORM_UPDATE > 0) {

@>> _performUpdateAndGetData(_pool, settings);

// emit event for easier tracking of updates and to allow for easier querying of updates

emit UpdatePerformed(msg.sender, _pool);

} else {

revert("Pool not approved to perform update");

}

Impact

The unchecked return can cause insufficient data to be stored and returned, potentially leading to incomplete or incorrect information being used in further operations.

Tools Used

Manual Review

Recommendations

store the returned array and return it to user as needed.

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!