Inconsistent Weight Validation Between Vector and Scalar Calculations
Summary
The weight calculation implementation shows an inconsistency in validation between vector and scalar modes. The vector calculation enforces positive weights through a require statement, while the scalar calculation lacks this validation despite this difference not being specified in the whitepaper.
This issue arises both in DifferenceMomentumUpdateRule.sol
and ChannelFollowingUpdateRule.sol
Vulnerability Details
In the vector calculation mode (kappaStore.length > 1), there's an explicit check that ensures weights remain positive:
However, in the scalar calculation mode (kappaStore.length == 1), this validation is missing:
This logic is not justified by the whitepaper this behavior not being documented in the whitepaper opena possibility of revert or wrong calculation for negative weights that can lead to bad returns
Impact
While not immediately exploitable, this inconsistency could lead to:
Unexpected negative weights in scalar mode
Different behavior between scalar and vector modes
Protocol behavior that deviates from whitepaper specifications
Potential economic implications if negative weights affect pool operations
Tools Used
Manual Review
Recommendations
Add the same validation to scalar mode to ensure consistency and robust tests for such case
Lead Judging Commences
invalid_weights_can_be_negative_or_extreme_values
_clampWeights will check that these weights are positive and in the boundaries before writing them in storage.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.