QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: medium

Invalid

`_clampWeights` does not consider values equal to `absoluteMin` and `absoluteMax`

hajime

Vulnerability Details

in the _clampWeights, a code fragment iterates over _weights and applies a restriction based on absoluteMin and absoluteMax, which does not take into account values equal to them, but only those outside the range, but judging by the logic of the iteration itself, this is incorrect.

function _clampWeights(

int256[] memory _weights,

int256 _absoluteWeightGuardRail

) internal pure returns (int256[] memory) {

unchecked {

uint weightLength = _weights.length;

if (weightLength == 1) {

return _weights;

}

int256 absoluteMin = _absoluteWeightGuardRail;

int256 absoluteMax = ONE -

(PRBMathSD59x18.fromInt(int256(_weights.length - 1)).mul(_absoluteWeightGuardRail));

int256 sumRemainerWeight = ONE;

int256 sumOtherWeights;

for (uint i; i < weightLength; ++i) {

if (_weights[i] < absoluteMin) {

_weights[i] = absoluteMin;

sumRemainerWeight -= absoluteMin;

} else if (_weights[i] > absoluteMax) {

_weights[i] = absoluteMax;

sumOtherWeights += absoluteMax;

}

if (sumOtherWeights != 0) {

int256 proportionalRemainder = sumRemainerWeight.div(sumOtherWeights);

for (uint i; i < weightLength; ++i) {

if (_weights[i] != absoluteMin) {

_weights[i] = _weights[i].mul(proportionalRemainder);

}

return _weights;

}

Values less than absoluteMin are first set to absoluteMin and then subtracted from sumRemainerWeight. This implies that a value already equal to absoluteMin should also be subtracted.

Values greater than absoluteMax are set to absoluteMax and added to sumOtherWeights. This suggests that an existing value of absoluteMax should be added as well.

The code iterates through the _weights array and aims to apply boundaries based on absoluteMin and absoluteMax. The error is that it focuses only on values outside the range, overlooking weights already at the boundaries.

Impact

The incorrect adjustments to sumRemainerWeight and sumOtherWeights directly lead to an imprecise weight distribution. This can skew the results of the algorithm, especially if there are multiple weights at the minimum or maximum values.

Tools Used

Manual

Recommendations

Use <= , >=

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_clampWeights_weights_can_be_equal_to_absolute_variables

Likelihood: Low, when a weight is perfectly equal to absoluteMin or absoluteMax. Impact: Low, will skew a bit the results of weights.

Appeal created

n0kto Lead Judge

10 months ago

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!