code-423n4 / 2024-04-panoptic-findings


Potential loss in precision due to the integer constraints #557

Closed c4-bot-10 closed 7 months ago

c4-bot-10 commented 7 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L1032

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L1598

https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L1202

Vulnerability details

Impact

According to the Uniswap docs: using sqrtPriceX96 should be preferred over calculating the price from the current tick, because the current tick may lose precision due to the integer constraints.

Proof of Concept

Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept.

Tools Used

Manual Review

Recommended Mitigation Steps

The protocol should use sqrtPriceX96 in place of the current tick.

Assessed type

Uniswap
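An added example, not part of the submission above or of the Panoptic code base: a Python model of the rounding the quoted Uniswap documentation refers to, comparing the price derived from sqrtPriceX96 with the price derived from the integer tick. The function names and the sample sqrtPriceX96 values are constructed for illustration, and the model uses Decimal arithmetic rather than the fixed-point math of the on-chain TickMath library.

```python
import math
from decimal import Decimal, getcontext

getcontext().prec = 60
Q96 = 1 << 96                 # sqrtPriceX96 is a Q64.96 fixed-point value
BASE = Decimal("1.0001")      # each tick is a 0.01% (1 bp) price step

def price_from_sqrt_price_x96(sqrt_price_x96: int) -> Decimal:
    """price = (sqrtPriceX96 / 2**96) ** 2, in raw token1-per-token0 units."""
    return (Decimal(sqrt_price_x96) / Decimal(Q96)) ** 2

def price_from_tick(tick: int) -> Decimal:
    """price = 1.0001 ** tick, the only price an integer tick can express."""
    return BASE ** tick

def tick_from_sqrt_price_x96(sqrt_price_x96: int) -> int:
    """Largest tick whose price does not exceed the pool price (floor of the log)."""
    price = price_from_sqrt_price_x96(sqrt_price_x96)
    tick = math.floor(price.ln() / BASE.ln())
    # Correct any off-by-one from rounding in ln() near a tick boundary.
    while price_from_tick(tick) > price:
        tick -= 1
    while price_from_tick(tick + 1) <= price:
        tick += 1
    return tick

def tick_rounding_error_bps(sqrt_price_x96: int) -> Decimal:
    """Relative gap, in basis points, between the exact price and the tick price."""
    exact = price_from_sqrt_price_x96(sqrt_price_x96)
    approx = price_from_tick(tick_from_sqrt_price_x96(sqrt_price_x96))
    return (exact - approx) / exact * Decimal(10_000)

# Constructed sample values (not taken from any real pool).
SAMPLES = {
    "exactly on tick 0": Q96,
    "mid-way inside tick 0": Q96 + Q96 // 40_000,
    "just below tick 1": Q96 + Q96 * 49_998 // 10**9,
    "mid-way inside tick -1": Q96 - Q96 // 40_000,
}

if __name__ == "__main__":
    for label, sp in SAMPLES.items():
        tick = tick_from_sqrt_price_x96(sp)
        err = tick_rounding_error_bps(sp)
        print(f"{label:24s} tick={tick:3d} error={err:.5f} bps")
```

In this model the tick-derived price is never above the sqrtPriceX96-derived price, and the gap stays below one basis point.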

c4-judge commented 7 months ago

Picodes marked the issue as unsatisfactory: Invalid