QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: high
Invalid

Mixing Lambda Parameter Validation Flaw in Weight Update Mechanism

brene

Summary

The Mixing Lambda () parameter in the MinimumVarianceUpdateRule contract is designed to control weight smoothing in a QuantAMM pool. However, the current implementation of the validParameters function does not adequately restrict values, allowing it to be equal to 0 or 1. This can lead to unintended and potentially harmful behaviors in the weight update mechanism.

Vulnerability Details

The validation logic for in the validParameters function is as follows:

function validParameters(int256[][] calldata _parameters) external pure override returns (bool) {
if (_parameters.length == 1 && _parameters[0].length >= 1) {
for (uint i; i < _parameters[0].length; ) {
>> if (_parameters[0][i] < 0 || _parameters[0][i] > ONE) {
return false;
}
unchecked {
++i;
}
}
return true;
}
return false;
}

This condition permits to take values of exactly 0 or 1. These edge cases have the following implications;
Case 1 Mixing Lambda = 0
When Λ = 0, the formula for weight updates

// w(t) = (Λ * w(t − 1)) + ((1 − Λ)*Σ^−1(t)) / N,j=1∑ Σ^−1 j(t)

simplifies to

// w(t) = Σ^−1(t)) / N,j=1∑ Σ^−1 j(t)

This ignores the previous weights (w(t-1)) entirely, and the new weights depend only on the inverse variance matrix (Σ^{-1}(t)).

Case 2 Mixing Lambda = 1
When Λ = 1, the formula simplifies to:

// w(t) = (w(t − 1))

This freezes the weights and prevents any updates based on the new data (Σ^{-1}(t)).

Impact

  1. With , sudden and unpredictable weight shifts can occur, destabilizing the pool.

  2. With , the pool becomes static and fails to adapt to new market conditions.

  3. Either scenario could result in suboptimal pricing, reducing the utility and attractiveness of the pool to users.

Tools Used

Manual Review

Recommendations

Update the validation logic for to explicitly exclude values of 0 and 1

function validParameters(int256[][] calldata _parameters) external pure override returns (bool) {
if (_parameters.length == 1 && _parameters[0].length >= 1) {
for (uint i; i < _parameters[0].length; ) {
- if (_parameters[0][i] < 0 || _parameters[0][i] > ONE) {
+ if (_parameters[0][i] <= 0 || _parameters[0][i] >= ONE) {
return false;
}
unchecked {
++i;
}
}
return true;
}
return false;
}
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.

Give us feedback!