search

code-423n4 / 2024-04-panoptic-findings

9 stars 4 forks source link

Attacker can mint long position with dust amount to make a loss to protocol #581

Open c4-bot-6 opened 7 months ago

c4-bot-6 commented 7 months ago

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/PanopticPool.sol#L547-#L561 https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L688

Vulnerability details

Vulnerability details

In current design of protocol, it only restrict user from minting position with position size = 0:

function _validateAndForwardToAMM(
    TokenId tokenId,
    uint128 positionSize,
    int24 tickLimitLow,
    int24 tickLimitHigh,
    bool isBurn
) internal returns (LeftRightUnsigned[4] memory collectedByLeg, LeftRightSigned totalMoved) {
    // Reverts if positionSize is 0 and user did not own the position before minting/burning
    if (positionSize == 0) revert Errors.OptionsBalanceZero();  //  <---

Attacker can conduct a griefing attack by continuously minting long position with dust amount, which lead to bad debt for protocol in worst case

Impact

No incentive for anyone to minting them, which lead to bad debt for protool.

Tools Used

Manual review

Recommended Mitigation Steps

Add minimum positionSize

Assessed type

Context

c4-judge commented 7 months ago

Picodes marked the issue as duplicate of #247

c4-judge commented 6 months ago

Picodes marked the issue as duplicate of #313

c4-judge commented 6 months ago

Picodes changed the severity to QA (Quality Assurance)

c4-judge commented 6 months ago

Picodes marked the issue as grade-b