code-423n4 2024-04-panoptic-findings issues

code-423n4 / 2024-04-panoptic-findings

9 stars 4 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Upgraded Q -> 2 from #439 [1715296378859]

#583 c4-judge closed 6 months ago
1
Attacker can mint long position with dust amount to make a loss to protocol

#581 c4-bot-6 opened 7 months ago
4
Missing Input Validation

#580 c4-bot-1 closed 7 months ago
2
getAmountsForLiquidity returns incorrect price

#579 c4-bot-8 closed 7 months ago
2
Reentrancy in ERC777 tokens in collateralTokens.sol

#578 c4-bot-1 closed 7 months ago
2
Precision Loss Due to Division Before Multiplication.

#577 c4-bot-1 closed 7 months ago
1
QA Report

#576 c4-bot-7 closed 7 months ago
1
Missing initializer in SemiFungiblePositionManager::initializeAMMPool

#575 c4-bot-5 closed 7 months ago
1
Insecure use of SafeTransferFrom() function

#574 c4-bot-7 closed 7 months ago
1
Nondeterministic clone can cause issues in case of reorg

#573 c4-bot-1 opened 7 months ago
6
convertToAssets can return zero when totalAsset * shares is lesser than TotalSupply

#572 c4-bot-1 closed 7 months ago
2
Missing access control CollateralTracker::startToken

#571 c4-bot-6 closed 7 months ago
4
Incorrect ERC20 Function Interface Definitions.

#570 c4-bot-8 closed 7 months ago
2
Missing access control in PanopticFactory::initialize can be manipulated by MEV

#569 c4-bot-2 closed 7 months ago
1
QA Report

#568 c4-bot-8 opened 7 months ago
4
Core function can be called externally leading to DOS

#567 c4-bot-9 closed 7 months ago
2
Attacker can deploy pool with fake token to drain other token in the pair from user who mint option is short call

#566 c4-bot-4 closed 7 months ago
2
Return values of `approve()` not checked

#565 c4-bot-4 opened 7 months ago
2
Unrestricted Shares Transferability

#564 c4-bot-3 closed 7 months ago
2
QA Report

#563 c4-bot-4 opened 7 months ago
1
Use of `slot0` to get `sqrtPriceLimitX96` can lead to price manipulation.

#562 c4-bot-4 closed 7 months ago
3
Analysis

#561 c4-bot-9 closed 7 months ago
1
QA Report

#560 c4-bot-6 opened 7 months ago
2
Incorrect Exponentiation

#559 c4-bot-2 closed 7 months ago
1
First depositor to call `CollateralTracker.deposit` function will lose his funds, since `previewDeposit` will return zero shares to mint

#558 c4-bot-2 closed 7 months ago
3
Potential lose in precision due to the integer constraints

#557 c4-bot-10 closed 7 months ago
1
QA Report

#556 c4-bot-10 closed 7 months ago
1
`PanopticPool` can be initialized with wrong data

#555 c4-bot-2 closed 7 months ago
1
InteractionHelper.computeDecimals returns incorrect default value if ERC20 doesn't suport metadata

#554 c4-bot-10 closed 7 months ago
3
`maxMint()` violates EIP-4626

#553 c4-bot-2 opened 7 months ago
7
startToken is vulnerable to Frontrunning

#552 c4-bot-10 closed 7 months ago
2
“sandwiching” front running

#551 c4-bot-2 closed 7 months ago
1
Frontrunning Vulnerability in Multicall

#550 c4-bot-10 closed 7 months ago
1
Precision Loss in tickLower Calculation Leads to Incorrect Initialization of Liquidity Positions

#549 c4-bot-3 closed 7 months ago
2
QA Report

#548 c4-bot-8 opened 7 months ago
1
Using slot0 for sqrtPriceX96 in order to calculate amount could lead to price manipulation

#547 c4-bot-7 closed 7 months ago
7
Lack of Arbitrum Sequencer Uptime Checks in CollateralTracker Contract

#546 c4-bot-8 opened 7 months ago
1
Overestimation of collateral requirements due to rounding errors in _computeSpread function

#545 c4-bot-5 closed 7 months ago
3
Contract can be front run and set with a malicious owner upon deployment

#544 c4-bot-6 closed 7 months ago
1
Lack of slippage control in CollateralTracker

#543 c4-bot-9 closed 7 months ago
3
QA Report

#542 c4-bot-9 opened 7 months ago
1
Uniswap v3 callbacks access control should be hardened

#541 c4-bot-9 closed 7 months ago
1
Median is not updated when burning a position, which can result in an inaccurate solvency check

#540 c4-bot-9 opened 7 months ago
10
Incorrect Premium Calculation for Non-Long Legs in `_calculateAccumulatedPremia` Function

#539 c4-bot-5 closed 7 months ago
2
inadequate Handling of Receiver Logic in safeTransferFrom

#538 c4-bot-7 closed 7 months ago
1
`PanopticFactory` uses spot price when deploying new pools, resulting in liquidity manipulation when minting

#537 c4-bot-7 opened 7 months ago
8
getUniV3TWAP will return wrong price when tick is negative

#536 c4-bot-1 closed 7 months ago
2
`PanopticFactory` uses spot price when deploying new pools, resulting in liquidity manipulation when minting

#535 c4-bot-5 closed 7 months ago
1
`haircutPremia` will not cover protocol losses using liquidatee long premiums

#534 c4-bot-6 opened 7 months ago
5
QA Report

#533 c4-bot-9 closed 7 months ago
2