Omniscia Steer Protocol Audit
AlgebraMultiPositionLiquidityManager Manual Review Findings
AMP-01M: Non-Uniform Restriction of Tick Ranges
Type | Severity | Location |
---|---|---|
Input Sanitization | | AlgebraMultiPositionLiquidityManager.sol:L270 |
Description:
The `AlgebraMultiPositionLiquidityManager::_setBins` function will ensure that the `lowerTick` of each position is greater-than-or-equal-to the previous one whilst the `upperTick` is strictly greater-than the previous one.
Example:
```solidity
270  if (_positions.lowerTick[i - 1] > _positions.lowerTick[i]) {
271      revert();
272  } else {
273      require(
274          _positions.upperTick[i - 1] < _positions.upperTick[i]
275      );
276  }
```
Recommendation:
We advise the code to ensure that both the `lowerTick` and `upperTick` values are strictly greater-than the previous position, ensuring consistency in the tick ranges and preventing the same `lowerTick` from being specified.
Alleviation (0c3f85c7c11805ac412fe291f5681bef26da7244):
The code was updated per our recommendation, applying the same restriction on both the `lowerTick` and `upperTick` entries ensuring a strict increase.
AMP-02M: Inexistent Sanitization of Bin Configuration
Type | Severity | Location |
---|---|---|
Input Sanitization | | AlgebraMultiPositionLiquidityManager.sol:L139, L141, L311-L315, L318-L322 |
Description:
The `AlgebraMultiPositionLiquidityManager::tend` function will utilize the `totalWeight` input argument to calculate the proportion of the contract's available balance to deposit to the Algebra pool; however, the proportion is not restricted to be at most equal to 100% (`1e4`).

As such, it is possible for an `AlgebraMultiPositionLiquidityManager::tend` call to deposit more than the available balance of the contract, depositing pending fees which would cause all `AlgebraBaseLiquidityManager::_getBalance0` and `AlgebraBaseLiquidityManager::_getBalance1` function invocations to fail.
Impact:
It is possible for the vault to deposit more than its actual available balance as the weight of the `AlgebraMultiPositionLiquidityManager::tend` call is not sanitized.
Example:
```solidity
129  uint256 balance0 = _getBalance0();
130  uint256 balance1 = _getBalance1();
131
132  emit Snapshot(sqrtPriceX96, balance0, balance1, totalSupply());
133
134  // Create new positions in Uniswap
135  if (totalWeight > 0) {
136      _setBins(
137          sqrtPriceX96,
138          // balance0 adjusted by totalWeight
139          FullMath.mulDiv(balance0, totalWeight, 1e4),
140          // balance1 adjusted by totalWeight
141          FullMath.mulDiv(balance1, totalWeight, 1e4),
142          swapAmount
143      );
144  }
```
Recommendation:
We advise the code to ensure that the `totalWeight` is at most equal to `1e4` as otherwise, underflow errors would occur in the `AlgebraBaseLiquidityManager::_getBalance0` and `AlgebraBaseLiquidityManager::_getBalance1` functions.
Alleviation (0c3f85c7c11805ac412fe291f5681bef26da7244):
A `require` check was introduced ensuring that the `totalWeight` specified in an `AlgebraMultiPositionLiquidityManager::tend` call is at most `100_00` thus alleviating this exhibit.
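The two checks recommended in AMP-01M and AMP-02M, combined in one minimal contract. This is an added example, not code from the Steer Protocol repository or from the audit; the contract name, function names and the `held` / `accruedFees` accounting model are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not Steer Protocol code. All names are hypothetical and
// the fee accounting is an assumed model of the behaviour the findings describe.
contract BinConfigSketch {
    uint256 internal constant TOTAL_WEIGHT_MAX = 1e4; // 100% in basis points

    uint256 public held;        // tokens currently held by the vault (assumed model)
    uint256 public accruedFees; // fees owed out of `held`, not available for deposit

    constructor(uint256 _held, uint256 _accruedFees) {
        require(_accruedFees <= _held, "fees exceed holdings");
        held = _held;
        accruedFees = _accruedFees;
    }

    // Available balance. Checked arithmetic makes this revert on underflow
    // once `held` has dropped below `accruedFees`.
    function availableBalance() public view returns (uint256) {
        return held - accruedFees;
    }

    // AMP-01M: both bounds must strictly increase from one position to the next,
    // so a repeated lowerTick is rejected just like a repeated upperTick.
    function checkTicks(int24[] memory lower, int24[] memory upper) public pure {
        require(lower.length == upper.length, "length mismatch");
        for (uint256 i = 1; i < lower.length; i++) {
            require(lower[i - 1] < lower[i], "lowerTick not increasing");
            require(upper[i - 1] < upper[i], "upperTick not increasing");
        }
    }

    // AMP-02M: deposit `totalWeight` basis points of the available balance.
    // Without the first require, a weight above 1e4 yields amount > available,
    // leaving held < accruedFees and making every later availableBalance() revert.
    function tend(uint256 totalWeight, int24[] memory lower, int24[] memory upper) external {
        require(totalWeight <= TOTAL_WEIGHT_MAX, "totalWeight > 100%");
        checkTicks(lower, upper);
        // The audited code uses FullMath.mulDiv here; plain arithmetic keeps
        // this sketch free of external dependencies.
        uint256 amount = (availableBalance() * totalWeight) / TOTAL_WEIGHT_MAX;
        held -= amount; // stands in for minting liquidity into the pool
    }
}
```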