```solidity
function startToken(
    bool underlyingIsToken0,
    address token0,
    address token1,
    uint24 fee,
    PanopticPool panopticPool
) external {
    // fails if already initialized
    if (s_initialized) revert Errors.CollateralTokenAlreadyInitialized();
    s_initialized = true;

    // these virtual shares function as a multiplier for the capital requirement to manipulate the pool price
    // e.g. if the virtual shares are 10**6, then the capital requirement to manipulate the price to 10**12 is 10**18
    totalSupply = 10 ** 6;

    // set total assets to 1
    // the initial share price is defined by 1/virtualShares
    s_poolAssets = 1;

    // store the address of the underlying ERC20 token
    s_underlyingToken = underlyingIsToken0 ? token0 : token1;

    // store the Panoptic pool for this collateral token
    s_panopticPool = panopticPool;

    // cache the pool fee in basis points
    uint24 _poolFee;
    unchecked {
        _poolFee = fee / 100;
    }
    s_poolFee = _poolFee;

    // Stores the addresses of the underlying tracked tokens.
    s_univ3token0 = token0;
    s_univ3token1 = token1;

    // store whether the current collateral token is token0 (true) or token1 (false; since there's always exactly two tokens it could be)
    s_underlyingIsToken0 = underlyingIsToken0;

    // Additional risk premium charged on intrinsic value of ITM positions
    unchecked {
        s_ITMSpreadFee = uint128((ITM_SPREAD_MULTIPLIER * _poolFee) / DECIMALS);
    }
}
```
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L221
Vulnerability details
Impact
The startToken function initializes critical aspects of the contract state: whether token0 or token1 is considered the underlying token, the Panoptic pool, the total supply of virtual shares, and various fees. If a malicious actor can see that a transaction is about to initialize these values, they could potentially front-run it to set the initial state to their advantage, or simply to prevent another user from successfully initializing the state (by causing the if (s_initialized) revert Errors.CollateralTokenAlreadyInitialized(); condition to trigger for the legitimate user).
Since startToken sets several economic parameters, a front-runner could manipulate these initial conditions. This could include setting an advantageous fee structure or initializing the contract in a way that benefits them financially before any other users can interact under fair conditions.
Also, if a malicious user front-runs a legitimate initialization, they could destabilize the intended operational logic of the contract. Because the initialization would occur under their control, subsequent legitimate attempts to initialize would fail, potentially disrupting how the contract was supposed to function or, in some cases, locking out legitimate administrative actions that rely on the initial setup conditions.
Proof of Concept
Loc
https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L221
Tools Used
Manual
Recommended Mitigation Steps
Use commit reveal schemes
Assessed type
Other
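One way to apply the commit-reveal recommendation above, as an added example that is not part of the original report and not Panoptic's code. The contract name `CommitRevealInitExample`, the `initCommitment` field, the `CommitmentMismatch` error and the extra `salt` parameter are hypothetical, and the sketch assumes the contract is deployed directly, so that its constructor runs and can record the commitment.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

/// Added illustration, not Panoptic code: a one-time initializer that only
/// accepts the caller and parameters committed to when the contract was deployed.
contract CommitRevealInitExample {
    error AlreadyInitialized();
    error CommitmentMismatch();

    /// keccak256(abi.encode(initializer, underlyingIsToken0, token0, token1, fee, pool, salt)),
    /// computed off-chain by the deployer and fixed in the constructor (the "commit").
    bytes32 public immutable initCommitment;

    bool public s_initialized;
    address public s_underlyingToken;
    address public s_panopticPool;
    uint24 public s_poolFee;

    constructor(bytes32 commitment) {
        initCommitment = commitment;
    }

    /// The "reveal": every argument together with msg.sender must hash to the commitment.
    function startToken(
        bool underlyingIsToken0,
        address token0,
        address token1,
        uint24 fee,
        address panopticPool,
        bytes32 salt
    ) external {
        if (s_initialized) revert AlreadyInitialized();

        // A different sender, or the same call with altered values, produces a
        // different hash and reverts before the one-time flag is consumed.
        bytes32 revealed = keccak256(
            abi.encode(msg.sender, underlyingIsToken0, token0, token1, fee, panopticPool, salt)
        );
        if (revealed != initCommitment) revert CommitmentMismatch();

        s_initialized = true;
        s_underlyingToken = underlyingIsToken0 ? token0 : token1;
        s_panopticPool = panopticPool;
        s_poolFee = fee / 100; // pool fee cached in basis points, as in the page's code
    }
}
```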