QuantAMM

Summary

The computeBalance function exhibits inconsistent handling of timestamps that could lead to serious calculation errors. The function uses block.timestamp in two different ways:

1. Cast to uint40: uint40 multiplierTime = uint40(block.timestamp)

2. Raw uint256: if (block.timestamp >= lastInterpolationTime)

This inconsistent type handling creates a potential vulnerability where the timestamp comparison and the actual value used in calculations could disagree. Since lastInterpolationTime is stored as a uint40, but compared against the full uint256 block.timestamp, the function could enter incorrect logic branches when timestamps exceed uint40 maximum value (approximately 35 years).

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/QuantAMMWeightedPool.sol#L193

The impact of this bug manifests in several ways. First, weight calculations could use incorrect time intervals due to the mismatch between timestamp representations. This directly affects the pool's balance computations, potentially leading to incorrect pricing for trades. The weight adjustment mechanism, which is fundamental to the pool's operation, could malfunction as it relies on accurate time measurements for interpolation. This vulnerability is particularly severe because it affects core pool operations including swaps and liquidity management.

Recommended Mitigation Steps

To address this vulnerability, the code should be modified to ensure consistent timestamp handling throughout the function. This involves standardizing the use of uint40 for all timestamp operations. The function should first cast the block.timestamp to uint40 and use this value consistently for all comparisons and calculations.

The recommended implementation should handle timestamps as follows:

Additionally, documentation should be added to clarify the uint40 usage and its implications for timestamp handling.