code-423n4 / 2024-04-panoptic-findings


The FullMath library is unable to handle intermediate overflows due to overflow that's desired but never reached #517

Closed c4-bot-8 closed 4 months ago

c4-bot-8 commented 4 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L16

Vulnerability details

Impact

The FullMath library doesn't correctly handle the case when an intermediate value overflows 256 bits. This happens because an overflow is desired in this case but it's never reached.

Proof of Concept

The FullMath library was taken from Uniswap v3-core. However, the original Solidity version that was used was < 0.8.0, meaning that the execution didn't revert when an overflow was reached. This effectively means that when a phantom overflow (a multiplication and division where an intermediate value overflows 256 bits) occurs the execution will revert and the correct result won't be returned. The original library was designed in a way that could handle intermediate overflows. The FullMath library is used in the MathLib library in order to format an 18-decimal number to a FixedPoint 96.Q96 number.

Impact

The correct result isn't returned in this case and the execution gets reverted when a phantom overflow occurs.

Assessed type

Under/Overflow

c4-judge commented 4 months ago

Picodes marked the issue as unsatisfactory: Invalid

Picodes commented 4 months ago

There are unchecked everywhere in the library
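
The behaviour under dispute in this thread, as an added Python model (not code from the report, Panoptic or Uniswap): `mul_div` follows the steps of the v3-core `mulDiv` routine on 256-bit words. The `checked` flag and the `op` and `reverts` helpers are assumptions of this sketch, used to switch the Solidity-level operations between wrapping (`unchecked`) and reverting (default Solidity >= 0.8) arithmetic.

```python
M = 1 << 256  # EVM word size: all uint256 arithmetic is modulo 2**256

class Revert(Exception):
    """Stands in for a Solidity >=0.8 arithmetic panic or failed require."""

def mul_div(a, b, d, checked):
    """floor(a*b/d) for uint256 inputs, following the v3-core mulDiv steps.

    checked=False models code inside `unchecked { }` (wraps mod 2**256);
    checked=True models default >=0.8 arithmetic on the Solidity-level ops.
    """
    def op(x):
        if checked and not 0 <= x < M:
            raise Revert("arithmetic overflow/underflow")
        return x % M

    # Inline-assembly part: EVM opcodes wrap in every compiler version.
    mm = (a * b) % (M - 1)                    # mulmod(a, b, not(0))
    prod0 = (a * b) % M                       # low 256 bits of the product
    prod1 = (mm - prod0 - (mm < prod0)) % M   # high 256 bits of the product
    if prod1 == 0:                            # no phantom overflow
        if d == 0:
            raise Revert("division by zero")
        return prod0 // d
    if d <= prod1:
        raise Revert("result does not fit in 256 bits")
    rem = (a * b) % d                         # mulmod(a, b, d)
    prod1 = (prod1 - (rem > prod0)) % M       # make [prod1 prod0] divisible by d
    prod0 = (prod0 - rem) % M

    # Solidity-level part: each op() below depends on wrap-around.
    twos = op(0 - d) & d                      # largest power of two dividing d
    d //= twos
    prod0 //= twos
    flip = ((M - twos) // twos + 1) % M       # 2**256 / twos, done in assembly
    prod0 |= op(prod1 * flip)                 # shift bits of prod1 into prod0
    inv = op(3 * d) ^ 2                       # inverse of d mod 2**4
    for _ in range(6):                        # Newton steps: 2**4 -> 2**256
        inv = op(inv * op(2 - op(d * inv)))
    return op(prod0 * inv)                    # exact quotient mod 2**256

def reverts(a, b, d, checked):
    try:
        mul_div(a, b, d, checked)
        return False
    except Revert:
        return True
```

With wrapping arithmetic the model returns the exact quotient even when `a * b` exceeds 256 bits; with checked arithmetic the same inputs revert at the first wrap-dependent step, so whether the `unchecked` blocks are present in the deployed library is the thing to verify.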