Open c4-bot-10 opened 5 months ago
Picodes marked the issue as duplicate of #239
Picodes marked the issue as not a duplicate
Picodes marked the issue as primary issue
Technically the median would be 9 (so comments are wrong), but there are not really any meaningful consequences from using the 10th index instead. Not sure the Med sev on this is justified.
Considering the lack of impact here, I do agree with the sponsor and think low severity is more justified under "state handling, function incorrect as to spec, issues with comments".
Picodes changed the severity to QA (Quality Assurance)
Picodes marked the issue as grade-a
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/libraries/PanopticMath.sol#L266
Vulnerability details
Impact
Detailed description of the impact of this finding.
as we are taking median of twapMeasurement array ,which has a size of 20 as indices go from (0 to 19). so the 10 element is array index 9 not 10.
Proof of Concept
Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. function twapFilter(IUniswapV3Pool univ3pool, uint32 twapWindow) external view returns (int24) { uint32[] memory secondsAgos = new uint32;
Tools Used
Recommended Mitigation Steps
return int24(sortedTicks[9]);
Assessed type
Context