QuantAMM

49,600 OP
Submission Details
Severity: high
Invalid

Some users will be unable to redeem their shares for tokens

Summary

Users have two ways to obtain a representation of their token holdings: via NFTs or via shares. To obtain an NFT, users must interact with the protocol through the Router. However, they can also acquire shares by interacting directly with the Vault, which can lead to significant issues.

Vulnerability Details

  • https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L471

  • https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L240-L262

Users who obtain their shares by interacting directly with the protocol will not receive an NFT (as the NFT is not minted in a hook and can be skipped by bypassing the Router). However, these users will hold shares in their address.

This becomes an issue because liquidity removal fees are calculated in a hook, which requires users to hold the corresponding NFT.

Impact

  • Affected users will be unable to redeem their shares for tokens.

Tools Used

Manual Review

Recommendations

NFT minting should be performed in a hook, and shares should always be sent to the Router.

Updates

Lead Judging Commences

n0kto Lead Judge 11 months ago
Submission Judgement Published
Invalidated
Reason: Incorrect statement
