The normalized sum of the weight is not always equal to 1
ggrieco-tob opened this issue · comments
Severity: Informational
Difficulty: Low
Description
It is possible to have a normalized sum of the token weight that is not equal to 1.
The whitepaper states the sum of normalized token weights should be equal to 1. However, inherent rounding issues in the division performed getNormalizedWeight
function can accumulate in the sum and result in a values less than 1
.
Exploit Scenario
Alice creates a new pool. She reviews the documentation and incorrectly assumes that the sum of normalized weight token will be 1. As a result of that, she incorrectly implement onchain/offchain code to interact with the pool, potentially causing unexpected results (e.g. rounding issues, zero division) in her code.
Recommendation
Short term, properly document this rounding issue and make sure users understand that this property is not strictly enforced.
Long term, consider using Echidna and Manticore to normalized weights are correctly computed.