When QuantAMMWeightedPool.sol is deployed the owner passes params which contains params.poolDetails and in constructor it checks the length of params.poolDetails if it is <= 50 but the issue is that when it loops for(uint256 i; i < params.poolDetails.length; i++) it checks only from index 0 to index 49 so in simple words if params.poolDetails length is 50 the last element will not be Checked.
If the last index of the array contains invalid or malicious data, the following risks may arise:
Unchecked invalid data could lead to incorrect processing or unexpected behavior.
Fix params.poolDetails.length to < 50 instead of <= 50.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.