QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Precision loss due to casting from `int256` to `int128` in `_quantAMMPack128Array` Function

zubyoz

Summary

The _quantAMMPack128Array function in the QuantAMMStorage contract contains a potential precision loss issue when casting an int256 value to int128 and back to int256. This can lead to incorrect values being stored, which may affect the contract's financial calculations and state integrity.

Vulnerability Details

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMStorage.sol#L328

Line of Affected Code:

targetArray[storageIndex] = int256(int128(_sourceArray[sourceArrayLength - 1]));
This issue occurs in the _quantAMMPack128Array function when handling an array with an odd length. The last element of the _sourceArray is cast to int128 and then back to int256.

The original value, _sourceArray[sourceArrayLength - 1], is of type int256. When cast to int128, any value outside the range of int128 (-2^127 to 2^127 - 1) will be truncated. This truncation results in a loss of precision, and the value is then cast back to int256, but the original value cannot be recovered.
What Is the Effect:
The precision loss can lead to data corruption, fund loss, incorrect contract state, and potential exploitability. If the value represents a financial metric, truncation could lead to significant discrepancies, affecting the contract's operations and security.

Impact

The precision loss issue can have a high impact on the contract's functionality and security. It can lead to fund loss, incorrect state representation, and potential exploitation by attackers. The issue is particularly severe because once precision is lost, it cannot be recovered, leading to permanent errors in the contract's operation.

Tools Used

Manual

Recommendations

Range Checks: Implement range checks to ensure that values fit within the int128 range before casting. This can prevent truncation and precision loss.

int256 lastArrayItem = _sourceArray[sourceArrayLength - 1];
require(
(lastArrayItem >= type(int128).min) && (lastArrayItem <= type(int128).max),
"Last array element too large for int128"
);
targetArray[storageIndex] = lastArrayItem;

Avoid Unnecessary Casting: Where possible, avoid casting between different integer sizes, especially for financial values.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.