search

code-423n4 / 2024-04-panoptic-findings

7 stars 3 forks source link

In the addCapped there is no mechanism to reset the unfreeze the accumulators, and it will silentghly return the outdated/wrong values. #487

Closed c4-bot-5 closed 4 months ago

c4-bot-5 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/types/LeftRight.sol#L279-L302

Vulnerability details

Impact

addCapped plays important role in the updating the accumulated premia. The problem is, that there will be a point in time when the accumulators will overflow. Once upon a time, when this occur there will be no option to reset this number as well as it will continuously return the outdated data (last accumulator before the overflow), without notification

Tools Used

Manual review

Recommended Mitigation Steps

I highly encourage you to create the mechanism that could reset the overflowed amounts, as well as prevent from returning the outdated data

Assessed type

Error

Picodes commented 4 months ago

It's written in the comment preceding the function?

c4-judge commented 4 months ago

Picodes marked the issue as unsatisfactory: Invalid