in UpdateWeightRunner::setRuleForPool()Initial pool creation or old pools migration to new UpdateWeightRunner.sol allows immediate weight updates due to lastPoolUpdateRun being set to 0, enabling MEV bots to exploit price movements before intended update intervals take effect.
During pool initialization in QuantAMMWeightedPool.initialize(), initial weights are set and rules are configured
UpdateWeightRunner.setRuleForPool() sets lastPoolUpdateRun = 0
performUpdate() check block.timestamp - lastPoolUpdateRun >= updateInterval passes immediately
MEV bots can monitor mempool for pool creations and price movements to execute profitable arbitrage
The attack is relevant only if there are LP in the pool provided already by other users after creation, and a spike in current prices happens that will profit the MEV, making the probability slightly low
But this will be more problematic if this function is used during UpdateWeightRunner.sol new migration of pools (Pool will call this new contract to register their parameters)
Those pools will have high liquidity and more prone to value extraction
The sole Vulnerability here is UpdateInterval bypass
Immediate arbitrage opportunities during pool creation
Manual review
Set lastPoolUpdateRun = block.timestamp during setRuleForPool()
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.
The contest is live. Earn rewards by submitting a finding.
This is your time to appeal against judgements on your submissions.
Appeals are being carefully reviewed by our judges.