Lack of Normalized Weight Invariant Check in setWeights Function
Summary
The setWeights function fails to enforce the normalized weight invariant, which ensures that the sum of weights equals FixedPoint.ONE.
This check is present in the _setInitialWeights function but is missing in setWeights, creating a significant inconsistency.
Without this check, invalid weight updates can disrupt the pool’s behavior, potentially causing incorrect balance calculations and trading operations.
Vulnerability Details
In the _setInitialWeights function, the contract ensures the sum of weights equals FixedPoint.ONE:
However, in the setWeights function, there is no equivalent check to validate the updated weights:
The lack of this validation means that the weights could sum to a value other than FixedPoint.ONE, breaking the invariant that the pool depends on for its calculations.
Impact
The absence of normalized weights can lead to invalid balance calculations, disrupting the pool's trading and weight adjustment logic.
Recommendations
To address this vulnerability, add a validation check in the setWeights function to ensure the sum of weights equals FixedPoint.ONE
Lead Judging Commences
invalid_sum_of_weights_can_exceeds_one_no_guard
According the sponsor and my understanding, sum of weights does not have to be exactly 1 to work fine. So no real impact here. Please provide a PoC showing a realistic impact if you disagree. This PoC cannot contains negative weights because they will be guarded per clampWeights.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.