QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

Unvalidated Pool Details Array in QuantAMM Factory

sabit

Summary

The QuantAMMWeightedPoolFactory contract accepts an unbounded two-dimensional string array (poolDetails) without implementing validations.

Vulnerability Details

// In pool creation functions:
pool = _create(abi.encode(
QuantAMMWeightedPool.NewPoolParams({
// ... other fields
poolDetails: params.poolDetails, // Raw usage without validation
poolRegistry: params.poolRegistry
}),
getVault()
), params.salt);

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMWeightedPoolFactory.sol#L103

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMWeightedPoolFactory.sol#L148

There is no limit check on outer and inner array length. Also, there is no check if poolDetails is an empty string.

Impact

poolDetails could be empty and can have unpredictable array sizes.

Tools Used

Recommendations

Define fixed array sizes and check that poolDetails is not empty.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!