Summary
The QuantAMM protocol fails to initialize the pauseWindowEndTime during pool creation or initialization. This timestamp, which defines when pause capabilities should expire, remains unset in both QuantAMMWeightedPoolFactory.sol and QuantAMMWeightedPool.sol.
Vulnerability Details
The pause window functionality is managed through the Vault's PoolConfig struct:
    /**
     * (earlier @param entries omitted)
     * @param pauseWindowEndTime Timestamp after which the pool cannot be paused
     * @param isPoolRegistered If true, the pool has been registered with the Vault
     * @param isPoolInitialized If true, the pool has been initialized with liquidity, and is available for trading
     * @param isPoolPaused If true, the pool has been paused (by governance or the pauseManager)
     * @param isPoolInRecoveryMode If true, the pool has been placed in recovery mode, enabling recovery mode withdrawals
     */
    struct PoolConfig {
        LiquidityManagement liquidityManagement;
        uint256 staticSwapFeePercentage;
        uint256 aggregateSwapFeePercentage;
        uint256 aggregateYieldFeePercentage;
        uint40 tokenDecimalDiffs;
        uint32 pauseWindowEndTime;
        bool isPoolRegistered;
        bool isPoolInitialized;
        bool isPoolPaused;
        bool isPoolInRecoveryMode;
    }
https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/interfaces/contracts/vault/VaultTypes.sol#L34C2-L52C1
In both the create and createWithoutArgs functions in QuantAMMWeightedPoolFactory.sol, the pauseWindowEndTime timestamp is never set.
https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMWeightedPoolFactory.sol#L131C4-L173C2
https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMWeightedPoolFactory.sol#L85C5-L126C1
Also, pauseWindowEndTime was never set in the initialize function in QuantAMMWeightedPool.sol:
    function initialize(
        int256[] memory _initialWeights,
        PoolSettings memory _poolSettings,
        int256[] memory _initialMovingAverages,
        int256[] memory _initialIntermediateValues,
        uint _oracleStalenessThreshold
    ) public initializer {
        // body omitted in this excerpt; it contains no assignment to pauseWindowEndTime
    }
https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMWeightedPool.sol#L694C5-L717C6
Impact
This means nothing enforces when the pause capability expires, even though the contract provides for it.
Tools Used
Manual review
Recommendations
pauseWindowEndTime should be enforced since there is provision for it.
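
A minimal sketch of that enforcement, added here as an example and not taken from QuantAMM or the Vault. The contract name PauseWindowRegistry, its functions and its errors are hypothetical; only the pause-related fields of PoolConfig are modelled, and access control on pause is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Hypothetical, simplified model (not QuantAMM or Vault code) of setting
/// pauseWindowEndTime at registration and enforcing it when pausing.
contract PauseWindowRegistry {
    struct PauseConfig {
        uint32 pauseWindowEndTime; // storage default is 0 if never written
        bool isPoolRegistered;
        bool isPoolPaused;
    }

    mapping(address => PauseConfig) private _config;

    error AlreadyRegistered();
    error PauseWindowNotSet();
    error PauseWindowAlreadyExpired(uint32 endTime);
    error PauseWindowExpired(uint32 endTime);

    /// Registration rejects an unset (zero) or already-elapsed window, so a
    /// pool cannot be registered with the field left at its default value.
    function register(address pool, uint32 endTime) external {
        if (_config[pool].isPoolRegistered) revert AlreadyRegistered();
        if (endTime == 0) revert PauseWindowNotSet();
        if (endTime <= block.timestamp) revert PauseWindowAlreadyExpired(endTime);
        _config[pool] = PauseConfig(endTime, true, false);
    }

    /// Pausing is allowed only up to pauseWindowEndTime ("timestamp after
    /// which the pool cannot be paused"). Caller checks are omitted here.
    function pause(address pool) external {
        PauseConfig storage c = _config[pool];
        if (block.timestamp > c.pauseWindowEndTime) {
            revert PauseWindowExpired(c.pauseWindowEndTime);
        }
        c.isPoolPaused = true;
    }

    /// Lets tests and monitoring assert that the window was actually set.
    function getPauseWindowEndTime(address pool) external view returns (uint32) {
        return _config[pool].pauseWindowEndTime;
    }

    function isPaused(address pool) external view returns (bool) {
        return _config[pool].isPoolPaused;
    }
}
```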