QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Unsanitized NewPoolParams. Protocol functionality and Pool deployment disruption.

theirrationalone

Summary

In the QuantAMMWeightedPoolFactory contract, there's functions to create and deploy Pools with and without params. Both functions are missing sanitization of NewPoolParams members. Missing sanitization could break the overall protocol's functionality and pools creation and deployment.

Vulnerability Details

QuantAMMWeightedPoolFactory::createWithoutArgs:

function createWithoutArgs(NewPoolParams memory params) external returns (address pool) {
@> // @info: missing params sanitization
if (params.roleAccounts.poolCreator != address(0)) {
revert StandardPoolWithCreator();
}
.
.
...
}

QuantAMMWeightedPoolFactory::create:

function create(NewPoolParams memory params) external returns (address pool, bytes memory poolArgs) {
@> // @info: missing params sanitization
if (params.roleAccounts.poolCreator != address(0)) {
revert StandardPoolWithCreator();
}
.
.
...
}

Impact

  1. Protocol's Functionality Disruption.

  2. Pools creation and deployment failure.

Tools Used

Manual review

Recommendations

Please add required proper important PoolParams member values santization checks to ensure all members values are good and legit.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!