QuantAMM

49,600 OP
Submission Details
Severity: medium
Valid

setQuantAMMUpliftFeeTake incorrect implementation

Summary

UpdateWeightRunner::setQuantAMMUpliftFeeTake is intended to modify the fee related to gains earned by users between deposit and withdrawal. However, it is improperly implemented.

Vulnerability Details

https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/UpdateWeightRunner.sol#L141-L148

    function setQuantAMMUpliftFeeTake(uint256 _quantAMMUpliftFeeTake) external {
        require(msg.sender == quantammAdmin, "ONLYADMIN");
        require(_quantAMMUpliftFeeTake <= 1e18, "Uplift fee must be less than 100%");
        uint256 oldSwapFee = quantAMMSwapFeeTake;
        quantAMMSwapFeeTake = _quantAMMUpliftFeeTake;
        emit UpliftFeeTakeSet(oldSwapFee, _quantAMMUpliftFeeTake);
    }

It is evident that the function assigns the value to quantAMMSwapFeeTake, which is a fee for swaps, rather than the intended quantAMMUpliftFeeTake. Furthermore, the getQuantAMMUpliftFeeTake function is also incorrect, and quantAMMUpliftFeeTake does not exist in storage.

Impact

  • Miscalculated fees.

Tools Used

Manual Review

Recommendations

Add a new storage slot for the correct fee.
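
One way to apply this recommendation, as an added example that is not the project's code: a minimal stand-in contract that keeps the uplift fee in its own storage variable, plus a check that the two fees stay independent. The contract names, the swap-fee setter, the `SwapFeeTakeSet` event and the getter body are assumptions; only the uplift setter's signature, its `require` checks and the `UpliftFeeTakeSet` event come from the snippet above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Added illustration, not the project's contract: a minimal model of the two fee
// settings with the uplift fee held in its own storage variable.
contract FeeTakeModel {
    address public immutable quantammAdmin;
    uint256 public quantAMMSwapFeeTake;   // fee share taken on swaps
    uint256 public quantAMMUpliftFeeTake; // new slot: fee share taken on uplift

    event SwapFeeTakeSet(uint256 oldValue, uint256 newValue);   // name assumed
    event UpliftFeeTakeSet(uint256 oldValue, uint256 newValue);

    constructor(address admin) { quantammAdmin = admin; }

    // Assumed counterpart setter for the swap fee (not shown on the page).
    function setQuantAMMSwapFeeTake(uint256 _quantAMMSwapFeeTake) external {
        require(msg.sender == quantammAdmin, "ONLYADMIN");
        require(_quantAMMSwapFeeTake <= 1e18, "Swap fee must be less than 100%");
        emit SwapFeeTakeSet(quantAMMSwapFeeTake, _quantAMMSwapFeeTake);
        quantAMMSwapFeeTake = _quantAMMSwapFeeTake;
    }

    function setQuantAMMUpliftFeeTake(uint256 _quantAMMUpliftFeeTake) external {
        require(msg.sender == quantammAdmin, "ONLYADMIN");
        require(_quantAMMUpliftFeeTake <= 1e18, "Uplift fee must be less than 100%");
        uint256 oldUpliftFee = quantAMMUpliftFeeTake;
        quantAMMUpliftFeeTake = _quantAMMUpliftFeeTake; // writes the uplift slot only
        emit UpliftFeeTakeSet(oldUpliftFee, _quantAMMUpliftFeeTake);
    }

    function getQuantAMMUpliftFeeTake() external view returns (uint256) {
        return quantAMMUpliftFeeTake;
    }
}

// Regression check: deploys the model with itself as admin and verifies that
// setting one fee leaves the other untouched. Against the reported setter the
// first require would fail, because it overwrote the swap fee.
contract FeeTakeIndependenceCheck {
    function run() external returns (bool) {
        FeeTakeModel m = new FeeTakeModel(address(this));
        m.setQuantAMMSwapFeeTake(0.3e18);
        m.setQuantAMMUpliftFeeTake(0.5e18);
        require(m.quantAMMSwapFeeTake() == 0.3e18, "swap fee clobbered");
        require(m.getQuantAMMUpliftFeeTake() == 0.5e18, "uplift fee not stored");
        return true;
    }
}
```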

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_quantAMMSwapFeeTake==quantAMMUplfitFeeTake

Likelihood: High, calling setters or getters. Impact: Low/Medium, both getters return `quantAMMSwapFeeTake` and `setQuantAMMUpliftFeeTake` modifies `quantAMMUplfitFeeTake`. Real impact: those 2 values will always be the same.
