c4-judge
commented
4 months ago Picodes marked the issue as duplicate of #304
Closed c4-bot-10 closed 4 months ago
c4-judge
commented
4 months ago Picodes marked the issue as duplicate of #304
c4-judge
commented
4 months ago Picodes marked the issue as unsatisfactory: Invalid
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L1085 https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L1029
Vulnerability details
Impact
The
CollateralTracker.takeCommissionAddDatafunction andCollateralTracker.exercisefunctions are used to take the commission amount during option creation and exercise an option and pay to the seller what is owed from the buyer, respectively.Both the above two functions update the
s_inAMM(The total assets in the UniswapV3Pool related to the Panoptic protocol) value at the end of their function execution to account for the updated asset values as a result of the operations as shown below:The issue here is that
int256 to uint256type casting is unsafe and could result in erroneous value thus breaking the state of thes_inAMMvalue.Let's assume the following scenario:
CollateralTrackercontract has been deployed and thes_inAMMis initially set to 0 (This would be the case when the s_inAMM is a small value when enough funds are transferred to the UniswapV3 pool at the beginning) .PanopticPool.mintOptionstransaction, which makes a subsequent call to theCollateralTracker.takeCommissionAddDatafunction such thatshortAmount > longAmount.(shortAmount - longAmount)value is> 0for the current option being minted.s_inAMM == 0theint256(uint256(s_inAMM)) - (shortAmount - longAmount)will result in a negative value and this negative value is represented in two's complement.-1will be represented with all bits set to1in theint256binary representation.uint256this two's complement of negative representation is not taken into account and directly casts it touint256. Hence if the converted value is-1then the converted value into uint256 will be thetype(uint256).maxwhich gets downcast to the uint128 and as a result thes_inAMMwill have the maximum value oftype(uint128).max.s_inAMMenters into an erroneous and broken state that can not be rectified and will negatively affect the subsequent critical transactions of the panoptic protocol as described below.This could prompt all the subsequent operations which uses the
totalAssets()function such aspreviewDeposit, previewMint, previewWithdraw, _poolUtilization, revoke, takeCommissionAddData, excercisefunctions performing erroneous operations (with wrong totalAssets() returned value) which results in broken state of the panoptic protocol.Further if the
-1is casted intouint256then since thes_inAMMis assignedtype(uint128).maxvalue any subsequent addition to thes_inAMMwill result in transaction revert due to uint128 overflow. This willDoStheCollteralTracker.excerciseandCollateralTracker.takeCommissionAddDatathus breaking themint and exercisefunctionalities of thePanopticPoolcontract.This vulnerability is highly probable at the initial stage of the
CollateralTrackerdeployment since at the beginning not enough assets are transferred to theUniswapV3 pooland as a results_inAMMis comparatively a smaller value thus can underflow easily.Proof of Concept
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L1085
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L1029
Tools Used
Manual Review and VSCode
Recommended Mitigation Steps
Hence it is recommended to implement safeCast for the
int256 to uint256casting and revert the transaction if a negative value ofint256is being casted intouint256value. Hence this will prevent thes_inAMMstate entering into an erroneous and broken state.Assessed type
DoS