Open c4-bot-4 opened 9 months ago
dup #211, It's important to note that this account premium calculation is not actually used anywhere within the SFPM, and is an opinionated calculation exposed for optional use by protocols such as Panoptic to price options.
With that being said, part of the opinionated definition of that calculation includes a multiplier on the premium for option buyers based on the utilization on a given chunk. As is illustrated by this graph of the relationship between the utilization and the premium multiplier, there is a vertical asymptote at 100% utilization. Thus, it is expected that protocols using this feature will cap utilization at a certain percentage (for example, Panoptic allows a maximum utilization of 90%).
The long premium calculations at a utilization of 100% (where netLiquidity=0) cannot be performed because the multiplier approaches infinity and would be undefined at that utilization. In that situation, it makes the most sense to forego the premium calculation. Protocols who use this calculation should understand this behavior and either implement a utilization cap or accept that premium will be 0 at utilization=100%
dyedm1 (sponsor) disputed
Picodes marked the issue as duplicate of #211
Picodes changed the severity to QA (Quality Assurance)
Picodes marked the issue as grade-b
Lines of code
https://github.com/code-423n4/2023-11-panoptic/blob/f75d07c345fd795f907385868c39bafcd6a56624/contracts/SemiFungiblePositionManager.sol#L1255-L1329
Vulnerability details
Impact
Premium computation is wrong when user want to create a long position. Any protocol that will be created on top of sfpm cannot rely on premium computation of sfpm.
For instance, an user want to short an lp position by first minting an liquidity position on uniswap v3 through sfpm, and then going long (isLong = 1) on the entire liquidity minted previously. In that case,
getAccountPremium
of sfpm will always return 0 for both tokens. In that case, the premium should befeeGrowthX128 * T * (1+ spread)
.Proof of Concept
Tools Used
Recommended Mitigation Steps
Forbid going long on the entire liquidity minted.
Assessed type
Invalid Validation