QuantAMM
49,600 OP
Submission Details
Severity: low
Invalid

Integer Overflow Risk in Power Calculation in PowerChannelUpdateRule.sol

Summary

The PowerChannelUpdateRule.sol contract is vulnerable to integer overflow during power calculations, particularly when the price gradient or the q parameter is large. This can lead to incorrect weight calculations and potentially allow for manipulated trades, draining funds from the pool. Current parameter validation is insufficient to prevent extreme values that could trigger overflow.

Vulnerability Details

Integer overflow risk in power calculation

The PowerChannelUpdateRule.sol contract uses a power function _pow() inherited from PRBMathSD59x18 to calculate |1/p(t)*∂p(t)/∂t|^q. However, if the price gradient or the q parameter is too large, this calculation could result in an overflow. This is particularly dangerous since price movements can be very volatile and q is a configurable parameter.

The overflow could occur in this code section:

locals.newWeights[locals.i] = locals.sign.mul(_pow(locals.intermediateRes.abs(), locals.q));

Impact

While there are some parameter validations, they don't sufficiently protect against extreme price movements that could cause intermediateRes to be very large, or q parameters that could amplify these large values through exponentiation. An overflow here could lead to incorrect weight calculations and potentially drain funds from the pool through manipulated trades.

Tools Used

Manual Review

Recommendations

To mitigate the risk, implement stronger validation for the q parameter and price gradients, applying upper bounds to prevent extreme values.
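
To show what such an upper bound looks like numerically, the following added example (not part of the submission or of the QuantAMM code base) models only the numeric range of a signed 59.18-decimal fixed-point value held in an int256 and checks whether |intermediateRes|^q is representable. The function names and the q cap are hypothetical, q is assumed non-negative, and nothing here models how the project's _pow behaves when the range is exceeded.

```python
from decimal import Decimal, getcontext

getcontext().prec = 120             # ample digits for 77-digit int256 values

SCALE = 10**18                      # SD59x18: 18 decimal places
MAX_RAW = 2**255 - 1                # largest int256 = largest raw SD59x18 value
LN_MAX = (Decimal(MAX_RAW) / SCALE).ln()   # ln of the largest real value (~5.79e58)


def pow_fits_sd59x18(base_raw: int, q_raw: int) -> bool:
    """True if |base|^q is representable; both arguments are raw (1e18-scaled)."""
    base = Decimal(abs(base_raw)) / SCALE
    q = Decimal(q_raw) / SCALE
    if q < 0:
        raise ValueError("this sketch only models q >= 0")
    if base <= 1 or q == 0:
        return True                 # result is at most 1
    # |base|^q < MAX  <=>  q * ln|base| < ln(MAX)
    return q * base.ln() < LN_MAX


def max_base_raw(q_raw: int) -> int:
    """Largest raw |base| whose q-th power still fits, for q > 0."""
    q = Decimal(q_raw) / SCALE
    if q <= 0:
        raise ValueError("q must be positive")
    return int((LN_MAX / q).exp() * SCALE)


def check_inputs(intermediate_raw: int, q_raw: int, q_cap_raw: int) -> list:
    """Reasons an upper-bound validation would refuse this (gradient, q) pair."""
    problems = []
    if q_raw > q_cap_raw:           # q_cap_raw is a hypothetical configured cap
        problems.append("q above configured cap")
    if not pow_fits_sd59x18(intermediate_raw, q_raw):
        problems.append("|intermediateRes|^q exceeds SD59x18 range")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: gradients of 1e29 and 1e30 with q = 2.
    for g in (10**29, 10**30):
        print(g, check_inputs(g * SCALE, 2 * SCALE, 5 * SCALE))
    print("max |base| for q=2:", Decimal(max_base_raw(2 * SCALE)) / SCALE)
```

For q = 2 the largest admissible |intermediateRes| is about 2.4e29, so any bound on the gradient has to be chosen together with the bound on q rather than independently.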

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity