QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: high

Valid

Missing not divisble by two

ChainDefenders

Summary

In _calculateQuantAMMVariance the notDivisibleByTwo if case is not added in the else case. In this situation logic will be not correct and it will calculate wrong results.

Vulnerability Details

During the calculations in _calculateQuantAMMVariance, there are two situations where lambda array is with 1 length and lambda array is with more than 1 elements. If the length is 1, everything is calculated correctly, even for array with odd number of elements due to this logic.

if (locals.notDivisibleByTwo) {

unchecked {

--locals.nMinusOne; // ok

}

...

if (locals.notDivisibleByTwo) {

unchecked {

++locals.nMinusOne;

}

locals.intermediateState =

locals.convertedLambda.mul(locals.intermediateVarianceState[locals.nMinusOne]) +

(_newData[locals.nMinusOne] - _poolParameters.movingAverage[locals.n + locals.nMinusOne])

.mul(_newData[locals.nMinusOne] - _poolParameters.movingAverage[locals.nMinusOne])

.div(TENPOWEIGHTEEN); // p(t) - p̅(t - 1))_i * (p(t) - p̅(t))_i

locals.intermediateVarianceState[locals.nMinusOne] = locals.intermediateState;

locals.finalState[locals.nMinusOne] = locals.oneMinusLambda.mul(locals.intermediateState);

intermediateVarianceStates[_poolParameters.pool][locals.storageIndex] = locals

.intermediateVarianceState[locals.nMinusOne];

}

The same logic should be used in the else case when the len of lambdas is more than 1. It is partially the same, but the first if statement is missing. This will lead to incorrect computations.

Impact

Logic will revert in the second if stament, due to element out of bound and not correct logic.

Tools Used

Manual review

Recommendations

Add the following code into the begging of the else case:

if (locals.notDivisibleByTwo) {

unchecked {

--locals.nMinusOne;

}

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago

Submission Judgement Published

Validated

Assigned finding tags:

finding_calculateQuantAMMVariance_revert_when_vector_lambda_and_odd_asset_number

Likelihood: Medium/High, odd asset number + lambda is a vector. Impact: Medium/High, DoS the update.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.