QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Incorrect sign for checking Weights.

0xwsecteam

Summary

The comment says Weight must be less than 1 which means weight can be set to 1e18 but the logic doesn't allow 1e18, it reverts if weight is 1e18.

Vulnerability Details

File: https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-quantamm/contracts/UpdateWeightRunner.sol#L581

The current check in the code:

function setWeightsManually(

int256[] calldata _weights,

address _poolAddress,

uint40 _lastInterpolationTimePossible,

uint _numberOfAssets

) external {

for (uint i; i < _weights.length; i++) {

if (i < _numberOfAssets) {

require(_weights[i] > 0, "Negative weight not allowed");

|>> require(_weights[i] < 1e18, "greater than 1 weight not allowed");

}

the logic doesn't allow _weights[i] to be 1e18 which is not intended.

Impact

This could lead to unexpected behavior.

Recommendations

Update the validation to ensure weights are strictly less than 1e18.

function setWeightsManually(

int256[] calldata _weights,

address _poolAddress,

uint40 _lastInterpolationTimePossible,

uint _numberOfAssets

) external {

uint256 poolRegistryEntry = QuantAMMWeightedPool(_poolAddress).poolRegistry();

if (poolRegistryEntry & MASK_POOL_OWNER_UPDATES > 0) {

require(msg.sender == poolRuleSettings[_poolAddress].poolManager, "ONLYMANAGER");

} else if (poolRegistryEntry & MASK_POOL_QUANTAMM_ADMIN_UPDATES > 0) {

require(msg.sender == quantammAdmin, "ONLYADMIN");

} else {

revert("No permission to set weight values");

}

//though we try to keep manual overrides as open as possible for unknown unknows

//given how the math library works weights it is easiest to define weights as 18dp

//even though technically G3M works of the ratio between them so it is not strictly necessary

//CYFRIN L-02

for (uint i; i < _weights.length; i++) {

if (i < _numberOfAssets) {

require(_weights[i] > 0, "Negative weight not allowed");

- require(_weights[i] < 1e18, "greater than 1 weight not allowed");

+ require(_weights[i] <= 1e18, "greater than 1 weight not allowed");

}

IQuantAMMWeightedPool(_poolAddress).setWeights(_weights, _poolAddress, _lastInterpolationTimePossible);

emit SetWeightManual(msg.sender, _poolAddress, _weights, _lastInterpolationTimePossible);

}

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.