Users can initialize PanopticPool with incorrect data.
If a user initializes PanopticPool through PanopticFactory, no problems occur. However, a user who wants to use PanopticPool separately can call PanopticPool.startPool() with any data they want, so the parameters _univ3pool, token0, token1, collateralTracker0 and collateralTracker1 may be entirely unrelated to one another. If the user then calls any major function, it reverts because the pool was initialized incorrectly.
Impact
A wrongly initialized PanopticPool is invalid and cannot be used, as all main functions would revert.
Recommended Mitigation Steps
Add additional checks to ensure that PanopticPool is initialized correctly.
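One shape such checks could take, as an added sketch that is not Panoptic's code or the fix the project adopted. The contract name, storage names, and error names are hypothetical, and the collateral trackers are treated as plain addresses; only token0() and token1() on the Uniswap V3 pool are real interface functions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Minimal view of a Uniswap V3 pool: token0() and token1() exist on the real pool interface.
interface IUniswapV3PoolMinimal {
    function token0() external view returns (address);
    function token1() external view returns (address);
}

// Hypothetical stand-in for PanopticPool, reduced to the initialization path.
contract GuardedPoolSketch {
    error AlreadyInitialized();
    error ZeroAddress();
    error TokenMismatch();
    error DuplicateCollateralTracker();

    // Hypothetical storage names, not taken from the audited contract.
    IUniswapV3PoolMinimal internal univ3pool;
    address internal tracker0;
    address internal tracker1;

    function startPool(
        IUniswapV3PoolMinimal _univ3pool,
        address token0,
        address token1,
        address collateralTracker0,
        address collateralTracker1
    ) external {
        // One-shot initialization.
        if (address(univ3pool) != address(0)) revert AlreadyInitialized();

        // Reject unset addresses before storing anything.
        if (
            address(_univ3pool) == address(0) ||
            collateralTracker0 == address(0) ||
            collateralTracker1 == address(0)
        ) revert ZeroAddress();

        // The token arguments must be the ones the Uniswap pool itself reports.
        // These calls also revert if _univ3pool does not expose the getters.
        if (_univ3pool.token0() != token0 || _univ3pool.token1() != token1) revert TokenMismatch();

        // Each token needs its own collateral tracker.
        if (collateralTracker0 == collateralTracker1) revert DuplicateCollateralTracker();

        univ3pool = _univ3pool;
        tracker0 = collateralTracker0;
        tracker1 = collateralTracker1;
    }
}
```

These checks only tie the token arguments to the Uniswap pool; confirming that each collateral tracker belongs to this pool and token depends on tracker internals not shown in this report.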
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L291
Assessed type
Invalid Validation