QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

Precision Loss in `quantAMMPack32Array` Due to Integer Division

zubyoz

Summary

The quantAMMPack32Array function in the QuantAMMStorage contract performs integer division by 1e9 on input values before packing them. This operation can lead to significant precision loss, potentially affecting the accuracy of the packed data and any subsequent calculations or operations that rely on these values.

Vulnerability Details

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMStorage.sol#L239-L248

targetArray[storageIndex] = quantAMMPackEight32(

int256(_sourceArray[i] / 1e9),

int256(_sourceArray[i + 1] / 1e9),

int256(_sourceArray[i + 2] / 1e9),

int256(_sourceArray[i + 3] / 1e9),

int256(_sourceArray[i + 4] / 1e9),

int256(_sourceArray[i + 5] / 1e9),

int256(_sourceArray[i + 6] / 1e9),

int256(_sourceArray[i + 7] / 1e9)

);

Impact

Suppose _sourceArray[i] contains the value 1,234,567,890 (1.23456789 * 1e9).

When this value is divided by 1e9 using integer division:
1,234,567,890 / 1e9 = 1

The result is 1, which when packed and later unpacked, would be interpreted as 1,000,000,000 (1 * 1e9).

This operation has effectively changed the value from 1.23456789 to 1, losing all precision after the decimal point. The relative error in this case is about 18.92%, which is significant.

If this packed value is later used in financial calculations or to determine asset allocations, it could lead to substantial discrepancies in the contract's behavior. For instance, if these values represent token amounts or price ratios, the precision loss could result in incorrect swaps, imbalanced pools, or unfair distribution of assets.

Tools Used

Manual code review

Recommendations

Use Fixed-Point Arithmetic: Implement a fixed-point arithmetic library to handle decimal values without loss of precision. This would allow for accurate representation and manipulation of values with fractional components.

Scale Values Appropriately: Instead of dividing by 1e9, consider scaling the values appropriately before storage and rescaling them after retrieval. This approach maintains precision while still allowing for efficient storage.

Use Higher Precision: If possible, use higher precision for internal calculations (e.g., 1e18 instead of 1e9) to minimize the impact of rounding errors.

Add Rounding Logic: If division is necessary, implement proper rounding logic instead of truncating. This can help mitigate some of the precision loss.

Updates

Lead Judging Commences

n0kto Lead Judge 6 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.