The QuantAMMStorage abstract contract includes logic for packing two 128-bit integers into a 256-bit integer, which is used for efficient storage of moving averages. However, the contract lacks a corresponding unpacking function, despite its NatSpec documentation explicitly mentioning it provides logic for both packing and unpacking 128-bit integers. The absence of an unpacking function can lead to potential limitations, increased complexity, and inefficiencies when handling stored values that require decomposition for further operations.
The QuantAMMStorage contract contains the following:
NatSpec Documentation:
The NatSpec documentation states, "Contains the logic for packing and unpacking storage slots with 128-bit integers," which suggests the contract is designed to support both packing and unpacking.
Implemented Functionality:
A _quantAMMPackTwo128 function is present, allowing two 128-bit integers to be packed into a single 256-bit integer. However, there is no corresponding unpacking function to extract the two 128-bit integers from the packed value.
Usage Context:
The movingAverages mapping in the QuantAMM system relies on packed 256-bit integers to store two 128-bit values. These stored values are frequently used in downstream computations, where accessing the individual components is necessary. Without an unpacking function, developers must manually implement logic to extract these values, increasing complexity, potential for errors, and maintenance overhead.
Misalignment with Design Intent:
The absence of an unpacking function contradicts the stated design goal of the contract as per its NatSpec documentation.
Reduced Code Efficiency and Clarity:
Without a centralized unpacking function, developers must manually implement unpacking logic repeatedly across various parts of the protocol, leading to redundant code and reduced maintainability.
Increased Risk of Errors:
Manually implementing unpacking logic increases the likelihood of errors, which could lead to incorrect calculations or protocol behaviour.
Gas Inefficiency:
Manual unpacking logic implemented repeatedly across the protocol can lead to increased gas costs compared to using a single, optimized unpacking function.
Manual Review
Implement a Dedicated Unpacking Function:
Add an internal function to the QuantAMMStorage contract for unpacking a 256-bit integer into two 128-bit integers.
Update Documentation:
Ensure the NatSpec documentation reflects the inclusion of the unpacking function and provides guidance on its intended use.
Refactor Code to Use Centralized Logic:
Replace any existing manual unpacking implementations with calls to the centralized unpacking function. This ensures consistency and reduces the risk of errors.
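One way to write the recommended unpacking helper, as an added example that is not QuantAMM's own code. It assumes the first value sits in the upper 128 bits and the second in the lower 128 bits, both signed; the names `_packTwo128`, `_unpackTwo128` and both contracts are hypothetical. The pack side is included only so the round trip can be checked, including the negative lower half that a plain mask would get wrong.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

/// Added illustration, not QuantAMM code.
/// Assumed layout: first value in the upper 128 bits, second value in the
/// lower 128 bits, both signed (two's complement).
abstract contract PackedInt128Example {
    int256 private constant MAX128 = int256(type(int128).max);
    int256 private constant MIN128 = int256(type(int128).min);

    /// Hypothetical stand-in for the pack side.
    function _packTwo128(int256 left, int256 right) internal pure returns (int256 packed) {
        require(left >= MIN128 && left <= MAX128, "left out of int128 range");
        require(right >= MIN128 && right <= MAX128, "right out of int128 range");
        // Mask the low half so a negative `right` cannot sign-extend into `left`.
        packed = (left << 128) | int256(uint256(right) & type(uint128).max);
    }

    /// Hypothetical unpack helper: exact inverse of _packTwo128.
    function _unpackTwo128(int256 packed) internal pure returns (int256 left, int256 right) {
        // Arithmetic right shift on a signed type restores the sign of the upper half.
        left = packed >> 128;
        // Truncate to the low 128 bits, then reinterpret as int128 so the sign
        // bit of the lower half is extended back into a full int256.
        right = int256(int128(uint128(uint256(packed))));
    }
}

/// Exposes a round-trip check so the helpers can be exercised from a test.
contract PackedInt128Check is PackedInt128Example {
    function roundTrip(int256 a, int256 b) external pure returns (bool) {
        (int256 l, int256 r) = _unpackTwo128(_packTwo128(a, b));
        return l == a && r == b;
    }
}
```

Calling `roundTrip(-1, -2)` or `roundTrip(type(int128).min, type(int128).max)` returns `true`; extracting the lower half with only `packed & type(uint128).max` would return a large positive number for any negative second value.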
The lack of an unpacking function in the QuantAMMStorage contract creates misalignment with the design intent, increases the complexity of dependent components, and poses risks to the efficiency and correctness of the protocol. Implementing a centralized unpacking function addresses these issues and aligns the contract with its stated design goals.
Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.