QuantAMM

Description

The _calculateQuantAMMCovariance function in QuantAMMCovarianceBasedRule.sol implements an exponentially weighted moving average (EWMA) covariance calculation incorrectly. The function is meant to calculate A(t) = λA(t-1) + (1-λ)(p(t) - p̅(t-1))(p(t) - p̅(t))' but applies the scaling factor (1-λ) to the entire expression rather than just the outer product term.

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/rules/base/QuantammCovarianceBasedRule.sol#L47

This applies (1-λ) to both terms, effectively calculating:
(λA(t-1) + (p(t) - p̅(t-1))(p(t) - p̅(t))'/1e18)(1-λ)

Impact

The impact of this scaling error is severe and far-reaching within the QuantAMM protocol's risk management system. At its core, the incorrect scaling of the EWMA covariance calculation distorts the protocol's ability to accurately assess and respond to market conditions.

The scaling error manifests in the weight adjustment mechanism, where each covariance update compounds the error of previous calculations. Since the EWMA covariance is used as a key input for determining optimal pool weights, the distorted values lead to systematically incorrect weight adjustments. This is particularly problematic because the protocol relies on these calculations to maintain its core value proposition of MEV resistance and impermanent loss mitigation.

The mathematical implications cascade through multiple layers of the protocol. The covariance matrices, being fundamental to risk assessment, become progressively more inaccurate with each update cycle. This distortion is amplified in pools with more assets, as the higher-dimensional covariance matrices compound the error across more relationships. The protocol's guard rails and safety mechanisms, while helpful, cannot fully mitigate the underlying mathematical inconsistency.

The financial impact manifates through suboptimal trading boundaries and weight adjustments. LPs are particularly vulnerable as their positions may be rebalanced based on flawed risk metrics. In larger pools or those with more volatile assets, this could lead to significant deviation from optimal weight distributions. The protocol's MEV resistance mechanisms may also be compromised as the incorrect covariance calculations could create exploitable patterns in weight adjustments.

Systemically, this issue affects every pool utilizing covariance-based rules, creating a protocol-wide vulnerability. The interconnected nature of DeFi protocols means that these mathematical inaccuracies could propagate through the broader ecosystem, especially in scenarios involving complex trading strategies or arbitrage across multiple pools. Given that accurate risk assessment is fundamental to the protocol's operation, this error undermines its ability to function as intended and could lead to substantial financial losses for participants.

The severity is particularly high because this isn't just a localized calculation error - it's a fundamental flaw in the protocol's risk assessment infrastructure that compounds over time and affects core functionality across all covariance-based pools.

Recommended Mitigation Steps

Correct the implementation to properly apply scaling: