QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: medium

Valid

Wrong calculation in `_clampWeights()`

cipher27

Summary

The _clampWeights() calculates the weights incorrectly.

Vulnerability Details

In _clampWeights(), it normalizes the weights that the sum is ONE and each weight is between absoluteMin and absoluteMax.

function _clampWeights(

int256[] memory _weights,

int256 _absoluteWeightGuardRail

) internal pure returns (int256[] memory) {

unchecked {

uint weightLength = _weights.length;

if (weightLength == 1) {

return _weights;

}

int256 absoluteMin = _absoluteWeightGuardRail;

int256 absoluteMax = ONE -

(PRBMathSD59x18.fromInt(int256(_weights.length - 1)).mul(_absoluteWeightGuardRail));

int256 sumRemainerWeight = ONE;

int256 sumOtherWeights;

for (uint i; i < weightLength; ++i) {

if (_weights[i] < absoluteMin) {

_weights[i] = absoluteMin;

sumRemainerWeight -= absoluteMin;

} else if (_weights[i] > absoluteMax) {

_weights[i] = absoluteMax;

sumOtherWeights += absoluteMax;

} //@audit otherwise, don't add??

}

if (sumOtherWeights != 0) {

int256 proportionalRemainder = sumRemainerWeight.div(sumOtherWeights);

for (uint i; i < weightLength; ++i) {

if (_weights[i] != absoluteMin) {

_weights[i] = _weights[i].mul(proportionalRemainder);

}

return _weights;

}

But while calculating sumOtherWeights, it's not updated when the weight is between absoluteMin and absoluteMax.
So sumOtherWeights will be smaller than the expected sum. (sum of all elements except for the min weights)
After applying the proporation, the weight sum will be larger than ONE.

Impact

The _weights will be calculated incorrectly in _clampWeights().

Recommendations

Recommend modifying like this.

for (uint i; i < weightLength; ++i) {

if (_weights[i] < absoluteMin) {

_weights[i] = absoluteMin;

sumRemainerWeight -= absoluteMin;

} else if (_weights[i] > absoluteMax) {

_weights[i] = absoluteMax;

sumOtherWeights += absoluteMax;

}

+ else {

+ sumOtherWeights += _weights[i];

+ }

}

Updates

Lead Judging Commences

n0kto Lead Judge 10 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_clampWeights_normalizeWeightUpdates_incorrect_calculation_of_sumOtherWeights_proportionalRemainder

Likelihood: Medium/High, when a weight is above absoluteMax. Impact: Low/Medium, weights deviate much faster, and sum of weights also.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.