QuantAMM

49,600 OP

View results

Previous Next

Submission Details

Severity: low

Invalid

Flawed Conditional in `_setInitialMovingAverages` Function May Result in Unintended Initialization of movingAverages.

bladesec

Title

Flawed Conditional in _setInitialMovingAverages Function May Result in Unintended Initialization of movingAverages.

Summary

The _setInitialMovingAverages function contains a flawed conditional statement using an OR operator, introducing ambiguity and potentially allowing unintended updates to movingAverages. This could result in incorrect or inconsistent behavior when setting initial values.

Vulnerability Details

Here's the implementation of _setInitialMovingAverages function in QuantammMathMovingAverage contract:

function _setInitialMovingAverages(

address _poolAddress,

int256[] memory _initialMovingAverages,

uint _numberOfAssets

) internal {

uint movingAverageLength = movingAverages[_poolAddress].length;

>> if (movingAverageLength == 0 || _initialMovingAverages.length == _numberOfAssets) {

//should be during create pool

movingAverages[_poolAddress] = _quantAMMPack128Array(_initialMovingAverages);

} else {

revert("Invalid set moving avg");

}

As seen above, OR operator is used in conditional statement.
If the movingAverageLength == 0 is true, _initialMovingAverages.length == _numberOfAssets would be ignored to pass the conditional. That means, the function may proceed to set moving averages for the specified pool without verifying that the provided initial averages match the expected number of assets.

Impact

Data Integrity Risk
The function may set moving averages with an incorrect number of values if _initialMovingAverages does not match _numberOfAssets, leading to invalid or inconsistent contract states.

Exploitation Risk
This vulnerability could be exploited by malicious actors or result in operational errors, compromising the reliability of the pool's data.

Tools Used

Manual Review

Recommendations

Use AND instead of OR in the conditional statement:

- if (movingAverageLength == 0 || _initialMovingAverages.length == _numberOfAssets) {

+ if (movingAverageLength == 0 && _initialMovingAverages.length == _numberOfAssets) {

Updates

Lead Judging Commences

n0kto Lead Judge 7 months ago

Submission Judgement Published

Invalidated

Reason: Non-acceptable severity

Assigned finding tags:

Informational or Gas / Admin is trusted / Pool creation is trusted / User mistake / Suppositions

Please read the CodeHawks documentation to know which submissions are valid. If you disagree, provide a coded PoC and explain the real likelyhood and the detailed impact on the mainnet without any supposition (if, it could, etc) to prove your point.

Prize pool breakdown

Total prize

49,600 OP

nSLOC

3,000

17 OP / LOC

High Medium

44,640

Low

4,960

Live

The contest is live. Earn rewards by submitting a finding.

Judging

Submissions are being carefully reviewed by our judges.

View all submissions

Appeals

This is your time to appeal against judgements on your submissions.

Appeals Review

Appeals are being carefully reviewed by our judges.

Rewards Distribution

The contest is complete and the rewards are being distributed.

View results

Support

FAQs

Can't find an answer? Chat with us on Discord, Twitter or Linkedin.