QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

User can bypass uplift fee even if nominal USD value of pool goes up

brgltd

Summary

It's possible for the USD value of the pool to go up while the total supply increases even further, in which case the user won't pay the uplift fee.

Vulnerability Details

The value of the LP token will compute the total USD value in the pool divided by the total supply. If the value from the moment of the withdrawal goes up compared with the value of the deposit, the user must pay a uplift fee, otherwise he must pay a minimum fee.

https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L480-L490

The value of the LP token will be the USD value of the tokens in the pool divided by the total supply.

https://github.com/Cyfrin/2024-12-quantamm/blob/main/pkg/pool-hooks/contracts/hooks-quantamm/UpliftOnlyExample.sol#L680

We are able to simulate a scenario where the USD value of the pool goes up and the user still doesn't pay the fee if the total supply increases further. For example:

// Assume we have a pool with weth and arb

// Alice deposits 10e18 weth and 2000e18 arb.

tokens = [weth, arb];

balances = [10e18, 2000e18]

prices = [3000e18, 1e18]

totalSupply = 2010e18

poolValueInUSD = (3000e18 * 10e18) + (2000e18 * 1e18) = 32000e36

lpValue = 32000e36 / 2010e18 = ~15e18

// Some time later, weth goes up 100usd and arb went down 0.5usd. Bob then deposits 1000 arb.

tokens = [weth, arb];

balances = [10e18, 3000e18]

prices = [3100e18, 0.5e18]

totalSupply = 3010e18

poolValueInUSD = (3100e18 * 10e18) + (3000e18 * 0.5e18) = 32500e18

lpValue = 32500e36 / 3010e18 = ~10e18

// Then, Alice withdraws without paying the uplift fee.

We can see the LP value went down (from ~15e18 to 10e18), but the nominal USD value in the pool went up (from 32000 USD to 32500 USD).

However, even if the nominal USD value went up, Alice didn't had to pay the uplift fee since the lp value is used to compute the uplift.

Impact

User can bypass the uplift fee and ultimately pay less to close his position.

Tools Used

Manual review.

Recommendations

Consider using the nominal USD value instead of the USD value divided by the total supply. However, If this behavior is intended, consider adding a comment in the codebase to clarity this scenario.

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Invalidated

Reason: Incorrect statement

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.