QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Non-immutable values being assigned in the constructor of an initializable contract

ryonen

Summary

QuantAMMWeightedPool is an initializable contract, suggesting it is designed to be used via proxies. However, it is assigning non-immutable variables in its constructor, which would leave those values empty when accessed through the proxy.

Vulnerability Details

https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/QuantAMMWeightedPool.sol#L96
https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/QuantAMMWeightedPool.sol#L88
https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/QuantAMMWeightedPool.sol#L74
https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/QuantAMMWeightedPool.sol#L175-L190

Non-immutable variables should be assigned during the initialize() function to ensure the proxy can access these values.

Impact

Some critical function calls could fail when executed through a proxy.

Tools Used

Manual Review

Recommendations

Assign these variables during the initialize() function.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!