QuantAMM

49,600 OP
Submission Details
Severity: medium
Valid

incorrect length check in `_setGradient` will DOS manual setting of `intermediateGradientState` after pool initialization

Summary

The UpdateWeightRunner provides a function (`setIntermediateValuesManually`) that allows the QuantAMM admin to manually set the intermediate variables of a rule. Aside from setting the initial intermediate variables on pool initialization, it can also be used as a break-glass feature to set/reset the intermediate variables of a rule if necessary.
The issue is that the length check in `QuantAMMGradientBasedRule::_setGradient` is incorrect and will prevent usage of this feature.

Vulnerability Details

In QuantAMMGradientBasedRule::_setGradient

```solidity
function _setGradient(address poolAddress, int256[] memory _initialValues, uint _numberOfAssets) internal {
    uint storeLength = intermediateGradientStates[poolAddress].length;
    if ((storeLength == 0 && _initialValues.length == _numberOfAssets) || _initialValues.length == storeLength) { // <@
        //should be during create pool
        intermediateGradientStates[poolAddress] = _quantAMMPack128Array(_initialValues);
    } else {
        revert("Invalid set gradient");
    }
}
```

The issue is that `intermediateGradientStates` is a packed array with length = numberOfAssets/2, whereas `_initialValues` is an array with length = numberOfAssets. This means that the function will always revert when `storeLength` is not 0 (i.e. when the pool is already initialized).

Impact

Medium - Break-glass feature, where the QuantAMM admin can manually set the intermediate gradients, will be unusable

Tools Used

Manual Review

Recommendations

```solidity
function _setGradient(address poolAddress, int256[] memory _initialValues, uint _numberOfAssets) internal {
    uint storeLength = intermediateGradientStates[poolAddress].length;
    if ((storeLength == 0 && _initialValues.length == _numberOfAssets) || storeLength >= _initialValues.length/2) { // <@
        //should be during create pool
        intermediateGradientStates[poolAddress] = _quantAMMPack128Array(_initialValues);
    } else {
        revert("Invalid set gradient");
    }
}
```
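
The following Python model is an added illustration, not code from the submission or from QuantAMM. It replays pool initialization followed by a manual reset against the original and recommended conditions and shows which input lengths each one accepts. `packed_len`, `simulate` and `strict_check` are hypothetical names, and `packed_len` assumes an odd trailing value occupies its own slot.

```python
# Added model of the _setGradient length conditions; not QuantAMM code.

def packed_len(n_values):
    # Two 128-bit values share one 256-bit slot. Assumption: an odd
    # trailing value occupies a slot of its own, i.e. ceil(n / 2).
    return (n_values + 1) // 2

def original_check(store_len, n_initial, n_assets):
    # Condition from the vulnerable version: compares an unpacked input
    # length with a packed storage length.
    return (store_len == 0 and n_initial == n_assets) or n_initial == store_len

def recommended_check(store_len, n_initial, n_assets):
    # Condition from the Recommendations section (integer division, as in Solidity).
    return (store_len == 0 and n_initial == n_assets) or store_len >= n_initial // 2

def strict_check(store_len, n_initial, n_assets):
    # Hypothetical stricter variant: the input must always carry one value
    # per asset, and storage is either empty or already the packed size.
    return n_initial == n_assets and store_len in (0, packed_len(n_assets))

def simulate(check, n_assets, n_reset=None):
    """Initialize a pool, then attempt a manual reset with n_reset values
    (defaults to n_assets). Returns (init_ok, reset_ok)."""
    n_reset = n_assets if n_reset is None else n_reset
    init_ok = check(0, n_assets, n_assets)
    store_len = packed_len(n_assets) if init_ok else 0
    return init_ok, check(store_len, n_reset, n_assets)

if __name__ == "__main__":
    checks = [("original", original_check),
              ("recommended", recommended_check),
              ("strict", strict_check)]
    # Constructed cases: (number of assets, number of values in the reset call)
    cases = [(2, None), (3, None), (4, None), (8, None), (8, 2)]
    for name, check in checks:
        for n_assets, n_reset in cases:
            init_ok, reset_ok = simulate(check, n_assets, n_reset)
            print(f"{name:12} assets={n_assets} reset_len={n_reset or n_assets} "
                  f"init={'ok' if init_ok else 'revert'} "
                  f"reset={'ok' if reset_ok else 'revert'}")
```

In this model the original condition reverts every reset for two or more assets, while the recommended condition also accepts a reset array shorter than the asset count (the `(8, 2)` case).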
Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelihood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Appeal created

honour Submitter
10 months ago
n0kto Lead Judge 9 months ago
Submission Judgement Published
Validated
Assigned finding tags:

finding_setGradient_unusable_length_stored_new_values_are_different

Impact: Medium/High, the breakglass function is unusable. Likelihood: Low/Medium, when `setIntermediateValuesManually` is called by the admin to correct the intermediate values in case of any problem.
