The `QuantammCovarianceBasedRule::_calculateQuantAMMCovariance` returns a two dimensional array with a wrong dimension
Summary
The QuantammCovarianceBasedRule::_calculateQuantAMMCovariance function returns a two dimensional array of size n*n by n instead of a two dimensional array of size n by n for a pool with n parameters
Vulnerability Details
The vulnerability lies here where on line 59, the two dimensional array newState is initialized with a dimension of locals.nsquared which is previously defined on line 53 as locals.n * locals.n. The affected code is also displayed below:
Impact
Any functions that depend on the return value of QuantammCovarianceBasedRule::_calculateQuantAMMCovariance could run into issues if the dimensions of the two dimensional array are needed for some decision taking. Moreover, only the first locals.n rows of the array are filled with non-zero values while the remaining locals.nsquared - locals.n rows only contain zeros.
Tools Used
Manual Review
Foundry
Recommendations
Consider modifying QuantammCovarianceBasedRule::_calculateQuantAMMCovariance as below:
Lead Judging Commences
finding__calculateQuantAMMCovariance_return_a_array_with_incorrect_size
Likelihood: Informational/Very Low: Used nowhere at the moment but function in scope. Impact: Low, returns an array with an unexpected length, with a lot of element set to 0.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.