Introduction
Magma Protocol is a concentrated-liquidity AMM (CLAMM) for MOVE-based chains, paired with veMAGMA tokenomics. Liquidity is provided in discrete bins across a price curve; fees are split into base and volatility-adjusted components; and external incentives stream via a Rewarder subsystem with gauges/bribes. Governance controls parameters and emissions via admin capabilities.
Scope of the Engagement
Three Sigma executed a focused audit of Magma Core (ALMM) between 17 Jul 2025 – 06 Aug 2025.
The review covered 3,777 non-comment, non-blank lines across the core AMM, factory, fee, price, bin tree, rewarder, and position management modules.
Auditors: 2
Effort: 6.0 person-weeks
Primary objectives:
- Validate bin math, swaps, quoter paths, and fee model (base + variable/volatility).
- Review position lifecycle (mint/raise/shrink/burn), accounting, and checkpointing.
- Assess rewarder design (emissions, settlement, collection) and vault accounting.
- Verify admin flows (factory capabilities, pause controls, parameter changes).
- Stress-test rounding, overflow/underflow, and DoS edges across bins and globals.
Challenges in Securing a CLAMM in Move
- Global vs. bin-local accounting. Cross-bin burns/mints must keep
liquidity aggregates coherent; any desync risks DoS on subsequent exits (C-01). - Volatility-based fees. Timers, decay, and update windows must prevent trivial timestamp games that lock fees at punitive levels (M-03).
- Rewards correctness. Emissions/settlement across global vaults require pool scoping and per-position checkpointing at every liquidity change (H-01, M-01, M-02).
- Rounding policy. AMM math must round in protocol’s favor on debits/credits to avoid value leakage (L-01, L-05).
- Operational controls. Effective pause, version gates, and event hygiene reduce incident blast radius and improve observability (M-05, L-02, L-06, L-07).
Audit Date: 2025-08-06
Language: Move
Type: Code Audit
Results and Findings
Key Critical Issue
3S-Magma-C01 — Global liquidity reset on single-bin zero enables burn DoS
Classification: Critical (Bug) — Status: Addressed in b9794b.
Description: burn_from_bins_internal set self.liquidity = 0 whenever a touched bin’s reserves or supply reached zero. Subsequent burns in other bins hit underflow when subtracting liquidity_delta from an incorrect zeroed global, bricking exits and enabling griefing by zeroing a tiny bin.
Resolution: Do not zero global liquidity on per-bin depletion. Decrease by liquidity_delta; clamp to zero only if liquidity_delta ≥ self.liquidity.
Notable High-Severity Issue
3S-Magma-H01 — Position rewarder not checkpointed on liquidity changes
Classification: High (Bug) — Status: Addressed in #2fc65e.
Description: Rewarder growth was snapshotted at creation only. Later raises/shrinks didn’t checkpoint rewarder state, letting users game rewards (add liquidity just before claim; remove after) or get underpaid in the inverse case.
Resolution: On every liquidity change, compute and accrue due rewards to PositionReward.amount_owned, then update growth_inside to current global.
In conclusion
This review eliminated a bin→global liquidity desync that could brick withdrawals, hardened volatility fee timing against trivial manipulation, and fixed position/reward checkpointing so payouts track actual liquidity over time. The quoter now returns accurate inputs; pause/version gates are operational; events and rounding are protocol-favorable; and rewarder flows have clear guidance toward per-pool accounting. Collectively, these changes reduce DoS and value-leak vectors and improve Magma’s competitiveness and operator clarity.
Three Sigma’s Value
We focused on the mechanics that decide a CLAMM’s durability: coherent global state, robust fee dynamics, and sound reward settlement. By aligning rounding policy, fixing accounting edges, and fortifying admin controls, we helped move Magma from a performant prototype to a production-ready AMM foundation on Sui.
