A vulnerability has been identified in the calculateBlockNormalisedWeight function where incorrect rounding direction is used for negative weight multipliers. The function currently uses mulUp when calculating weight reductions:
The vulnerability stems from the mathematical implications of rounding up negative multipliers. When weights are decreasing, the function rounds up the reduction amount, causing weights to decrease more aggressively than mathematically intended. This excessive reduction compounds over time, systematically undervaluing pool assets relative to their true mathematical weights.
The economic impact manifests through arbitrage opportunities where users can extract more value than mathematically justified. For instance, when a weight should decrease by 1.5 units, the current implementation rounds up to 2 units. This 0.5 unit excessive reduction per calculation creates a cumulative deviation from the true mathematical model, potentially leading to protocol insolvency through systematic exploitation of these undervalued assets.
The fix requires modifying the rounding direction for negative multipliers to use mulDown, ensuring conservative weight reductions that protect protocol solvency:
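The rounding difference described above, modeled as an added example (not the project's code). It assumes 18-decimal fixed-point `mulUp`/`mulDown` with Balancer-style semantics; `next_weight`, `simulate`, and the operand values are hypothetical and constructed to reproduce the 1.5 → 2 case from the text.

```python
from fractions import Fraction

ONE = 10**18  # assumption: 18-decimal fixed-point unit


def mul_down(a: int, b: int) -> int:
    """Fixed-point multiply, truncating toward zero."""
    return (a * b) // ONE


def mul_up(a: int, b: int) -> int:
    """Fixed-point multiply, rounding any non-zero remainder up."""
    product = a * b
    return 0 if product == 0 else (product - 1) // ONE + 1


def next_weight(weight: int, multiplier: int, elapsed: int, reduce_with_mul_up: bool) -> int:
    """Hypothetical model of one weight update; `elapsed` is fixed-point."""
    if multiplier >= 0:
        return weight + mul_down(multiplier, elapsed)
    # Negative multiplier: the reduction is computed on the magnitude.
    mul = mul_up if reduce_with_mul_up else mul_down
    return weight - mul(-multiplier, elapsed)


def simulate(weight: int, multiplier: int, elapsed: int, steps: int, reduce_with_mul_up: bool) -> int:
    """Apply the update repeatedly so the per-step rounding error accumulates."""
    for _ in range(steps):
        weight = next_weight(weight, multiplier, elapsed, reduce_with_mul_up)
    return weight


def exact_weight(weight: int, multiplier: int, elapsed: int, steps: int) -> Fraction:
    """Unrounded reference value for the same sequence of updates."""
    return Fraction(weight) + Fraction(multiplier * elapsed, ONE) * steps


if __name__ == "__main__":
    # Constructed inputs: each step should reduce the weight by exactly 1.5 units.
    w0, m, dt, n = ONE // 2, -3, ONE // 2, 100
    up = simulate(w0, m, dt, n, reduce_with_mul_up=True)
    down = simulate(w0, m, dt, n, reduce_with_mul_up=False)
    exact = exact_weight(w0, m, dt, n)
    print("mulUp   total reduction:", w0 - up)
    print("mulDown total reduction:", w0 - down)
    print("exact   total reduction:", w0 - exact)
```

With `mulUp` the stored weight ends below the exact value, and with `mulDown` it never drops below it.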