Duplicate Import of ScalarQuantAMMBaseStorage
Summary
If ScalarQuantAMMBaseStorage contains state variables, importing it more than once can lead to storage collisions. This can cause unexpected behavior, such as overwritten variables or inconsistent state management.
Vulnerability Details
The QuantAMMWeightedPool contract contains a duplicate import statement for the ScalarQuantAMMBaseStorage contract from the same file. Specifically, the contract imports
State variables may be unintentionally overwritten, leading to inconsistent or corrupted contract states.
Impact
Importing the ScalarQuantAMMBaseStorage contract twice can lead to storage collisions. If ScalarQuantAMMBaseStorage contains state variables, duplicating its import may cause overlapping storage slots. This overlap can corrupt the contract's state, leading to unpredictable behavior, incorrect data retrieval, and potential vulnerabilities where critical state variables are inadvertently altered or bypassed.
Tools Used
Recommendations
liminate one of the duplicate import statements for ScalarQuantAMMBaseStorage to ensure it is imported only once.
Lead Judging Commences
Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.