three sigma logo
Magma Finance

Code Audit

Magma Finance

A concentrated-liquidity ALMM for Move-based chains.

Severity Issues

critical
high

2

informational

3

medium

7

low

7

Audit Period

6 Weeks

Introduction

Magma Protocol is a concentrated-liquidity AMM (CLAMM) for MOVE-based chains, paired with veMAGMA tokenomics. Liquidity is provided in discrete bins across a price curve; fees are split into base and volatility-adjusted components; and external incentives stream via a Rewarder subsystem with gauges/bribes. Governance controls parameters and emissions via admin capabilities.

Scope of the Engagement

Three Sigma executed a focused audit of Magma Core (ALMM) between 17 Jul 2025 – 06 Aug 2025.

The review covered 3,777 non-comment, non-blank lines across the core AMM, factory, fee, price, bin tree, rewarder, and position management modules.

Auditors: 2

Effort: 6.0 person-weeks

Primary objectives:

  • Validate bin math, swaps, quoter paths, and fee model (base + variable/volatility).
  • Review position lifecycle (mint/raise/shrink/burn), accounting, and checkpointing.
  • Assess rewarder design (emissions, settlement, collection) and vault accounting.
  • Verify admin flows (factory capabilities, pause controls, parameter changes).
  • Stress-test rounding, overflow/underflow, and DoS edges across bins and globals.

Challenges in Securing a CLAMM in Move

  • Global vs. bin-local accounting. Cross-bin burns/mints must keep liquidity aggregates coherent; any desync risks DoS on subsequent exits (C-01).
  • Volatility-based fees. Timers, decay, and update windows must prevent trivial timestamp games that lock fees at punitive levels (M-03).
  • Rewards correctness. Emissions/settlement across global vaults require pool scoping and per-position checkpointing at every liquidity change (H-01, M-01, M-02).
  • Rounding policy. AMM math must round in protocol’s favor on debits/credits to avoid value leakage (L-01, L-05).
  • Operational controls. Effective pause, version gates, and event hygiene reduce incident blast radius and improve observability (M-05, L-02, L-06, L-07).

Audit Date: 2025-08-06

Language: Move

Type: Code Audit

Results and Findings

Key Critical Issue

3S-Magma-C01 — Global liquidity reset on single-bin zero enables burn DoS

Classification: Critical (Bug) — Status: Addressed in b9794b.

Description: burn_from_bins_internal set self.liquidity = 0 whenever a touched bin’s reserves or supply reached zero. Subsequent burns in other bins hit underflow when subtracting liquidity_delta from an incorrect zeroed global, bricking exits and enabling griefing by zeroing a tiny bin.

Resolution: Do not zero global liquidity on per-bin depletion. Decrease by liquidity_delta; clamp to zero only if liquidity_delta ≥ self.liquidity.

Notable High-Severity Issue

3S-Magma-H01 — Position rewarder not checkpointed on liquidity changes

Classification: High (Bug) — Status: Addressed in #2fc65e.

Description: Rewarder growth was snapshotted at creation only. Later raises/shrinks didn’t checkpoint rewarder state, letting users game rewards (add liquidity just before claim; remove after) or get underpaid in the inverse case.

Resolution: On every liquidity change, compute and accrue due rewards to PositionReward.amount_owned, then update growth_inside to current global.

Blockchain security isn't optional.

Protect your smart contracts and DeFi protocols with Three Sigma, a trusted security partner in blockchain audits, smart contract vulnerability assessments, and Web3 security.

In conclusion

This review eliminated a bin→global liquidity desync that could brick withdrawals, hardened volatility fee timing against trivial manipulation, and fixed position/reward checkpointing so payouts track actual liquidity over time. The quoter now returns accurate inputs; pause/version gates are operational; events and rounding are protocol-favorable; and rewarder flows have clear guidance toward per-pool accounting. Collectively, these changes reduce DoS and value-leak vectors and improve Magma’s competitiveness and operator clarity.

Three Sigma’s Value

We focused on the mechanics that decide a CLAMM’s durability: coherent global state, robust fee dynamics, and sound reward settlement. By aligning rounding policy, fixing accounting edges, and fortifying admin controls, we helped move Magma from a performant prototype to a production-ready AMM foundation on Sui.

Secure Your Crypto Project Before It’s Too Late. Get in Touch Today.