QuantAMM
QuantAMM
49,600 OP
View results
Previous Next
Submission Details
Severity: low
Invalid

precision loss in QuantammMathGuard contract.

triangulum

Summary

In the process of normalizing weights in QuantammMathGuard contract, precision loss will occur in the computation of the delta change in weight.

Vulnerability Details

In the function _normalizeWeightUpdates in QuantammMathGuard.sol, whenever the absolute change in the weights exceeds _epsilonMax, rescaling of the weight is done. The process here comprises of division followed by multiplication which will result in the loss of precision. In the end, it is ensured that the weights are normalized and their sum is ‘1’. In some cases, due to rounding issues, this sum may be off by 1e18 which is accordingly added/subtracted to the weight of the first asset in the pool.

https://github.com/Cyfrin/2024-12-quantamm/blob/a775db4273eb36e7b4536c5b60207c9f17541b92/pkg/pool-quantamm/contracts/rules/base/QuantammMathGuard.sol#L95-L106

if (maxAbsChange > _epsilonMax) {
int256 rescaleFactor = _epsilonMax.div(maxAbsChange);
for (uint i; i < _newWeights.length; ++i) {
int256 newDelta = (_newWeights[i] - _prevWeights[i]).mul(rescaleFactor);
_newWeights[i] = _prevWeights[i] + newDelta;
newWeightsSum += _newWeights[i];
}
} else {
for (uint i; i < _newWeights.length; ++i) {
newWeightsSum += _newWeights[i];
}
}

Tools Used

Manual review

Recommended Mitigation

Consider replacing the aforementioned piece of code with

for (uint i; i < _newWeights.length; ++i) {
if (maxAbsChange > _epsilonMax) {
int256 newDelta = (_newWeights[i] - _prevWeights[i]).mul(_epsilonMax).div(maxAbsChange);
_newWeights[i] = _prevWeights[i] + newDelta;
newWeightsSum += _newWeights[i];
}
} else {
newWeightsSum += _newWeights[i];
}
Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago
Submission Judgement Published
Invalidated
Reason: Non-acceptable severity
Assigned finding tags:

invalid_sum_of_weights_can_exceeds_one_no_guard

According the sponsor and my understanding, sum of weights does not have to be exactly 1 to work fine. So no real impact here. Please provide a PoC showing a realistic impact if you disagree. This PoC cannot contains negative weights because they will be guarded per clampWeights.

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.