QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: high

Invalid

Precision Loss Due to Division by `1e9` in QuantAMM's Packing and Unpacking Operations

bladesec

Title

Precision Loss Due to Division by 1e9 in QuantAMM's Packing and Unpacking Operations

Summary

The QuantAMM protocol exhibits systematic precision loss in its packing and unpacking mechanisms, particularly in QuantAMMStorage.sol, including the quantAMMPack32Array function. The issue arises due to truncation and integer division, causing significant loss of precision.

Vulnerability Details

Here's the implementation of quantAMMPack32Array function in QuantAMMStorage contract:

function quantAMMPack32Array(int256[] memory _sourceArray) internal pure returns (int256[] memory targetArray) {

...

targetArray = new int256[](targetArrayLength);

for (uint i; i < nonStickySourceLength; ) {

unchecked {

targetArray[storageIndex] = quantAMMPackEight32(

int256(_sourceArray[i] / 1e9),

int256(_sourceArray[i + 1] / 1e9),

int256(_sourceArray[i + 2] / 1e9),

int256(_sourceArray[i + 3] / 1e9),

int256(_sourceArray[i + 4] / 1e9),

int256(_sourceArray[i + 5] / 1e9),

int256(_sourceArray[i + 6] / 1e9),

int256(_sourceArray[i + 7] / 1e9)

);

i += 8;

++storageIndex;

}

...

Root Issue

General Precision Loss:
As seen above, division by 1e9 was carried out which will truncate values below certain precision thresholds, leading to loss of least significant digits and asymmetric treatment of negative values.
Precision Loss in quantAMMPack32Array:
The function performs integer division by 1e9 before packing values, causing significant truncation.
Cumulative Effects:
Losses compound over multiple operations, particularly in token balances, pool share calculations, and asset allocations, leading to misrepresentation and imbalance in pools.

Impact

Value Misrepresentation:
Original values are not accurately preserved after pack/unpack cycles, leading to incorrect calculations and allocations.
Disrupted Financial Calculations:
Loss of precision impacts token amounts, price ratios, and asset allocations, potentially causing imbalanced pools or unfair swaps.
Substantial Errors:
Smaller values are disproportionately affected, and sub-unit values are completely lost below certain precision thresholds.
Cumulative Loss:
Over multiple operations, these errors compound, affecting user balances and protocol trustworthiness.

Tools Used

Manual Review

Recommendations

Here are some possible recommendations to fix the precision issue:

Use Accurate Math: Use libraries that handle decimals better to avoid losing precision.
Round Values: Add proper rounding instead of cutting off decimals.
Increase Precision: Work with higher precision values (e.g., 1e18 instead of 1e9).
Scale Safely: Scale values up before storing and scale them back down after retrieval.
Add Extra Bits: Use available storage space to keep more precise numbers.

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Design choice

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.