code-423n4 / 2024-04-panoptic-findings


Upgraded Q -> 2 from #439 [1715296378859] #583

Closed c4-judge closed 4 months ago

c4-judge commented 4 months ago

Judge has assessed an item in Issue #439 as 2 risk. The relevant finding follows:

[L-02] CollateralTracker.maxMint's implementation isn’t correct

File: https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/CollateralTracker.sol#L444-L448

While containing COMMISSION_FEE, in CollateralTracker.maxMint, the function is implemented as:

function maxMint(address) external view returns (uint256 maxShares) {
    unchecked {
        return (convertToShares(type(uint104).max) * DECIMALS) / (DECIMALS + COMMISSION_FEE);
    }
}

which means:

maxShares = Math.mulDiv(assets, totalSupply, totalAssets()) * DECIMALS / (DECIMALS + COMMISSION_FEE);

But all other functions calculate shares as

shares = Math.mulDiv(assets * (DECIMALS - COMMISSION_FEE), totalSupply, totalAssets() * DECIMALS);
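The two formulas quoted above can be compared with an integer model. This is an added example, not part of the issue or of the Panoptic code base. The `DECIMALS` value, the fee and the pool totals are constructed assumptions, and `assets_for_shares` is an inverse derived here from the quoted share formula.

```python
# Integer model of the two share formulas quoted in the finding.
# All values are constructed; COMMISSION_FEE is a hypothetical setting.
UINT104_MAX = 2**104 - 1
DECIMALS = 10_000          # assumed denominator for the fee
COMMISSION_FEE = 20        # hypothetical fee, in units of 1/DECIMALS


def mul_div(a: int, b: int, denominator: int) -> int:
    """floor(a * b / denominator), matching Math.mulDiv rounding down."""
    return (a * b) // denominator


def convert_to_shares(assets: int, total_supply: int, total_assets: int) -> int:
    return mul_div(assets, total_supply, total_assets)


def max_mint_as_implemented(total_supply: int, total_assets: int) -> int:
    """maxMint as quoted: fee applied by dividing by (DECIMALS + COMMISSION_FEE)."""
    shares = convert_to_shares(UINT104_MAX, total_supply, total_assets)
    return (shares * DECIMALS) // (DECIMALS + COMMISSION_FEE)


def shares_for_assets(assets: int, total_supply: int, total_assets: int) -> int:
    """Share formula the finding attributes to the other functions."""
    return mul_div(assets * (DECIMALS - COMMISSION_FEE), total_supply,
                   total_assets * DECIMALS)


def assets_for_shares(shares: int, total_supply: int, total_assets: int) -> int:
    """Inverse of shares_for_assets, rounded up (derived here, an assumption)."""
    num = shares * total_assets * DECIMALS
    den = total_supply * (DECIMALS - COMMISSION_FEE)
    return -(-num // den)


def compare(total_supply: int, total_assets: int) -> dict:
    reported = max_mint_as_implemented(total_supply, total_assets)
    reachable = shares_for_assets(UINT104_MAX, total_supply, total_assets)
    needed = assets_for_shares(reported, total_supply, total_assets)
    return {
        "reported": reported,                      # what maxMint returns
        "reachable": reachable,                    # shares for uint104.max assets
        "excess_shares": reported - reachable,
        "assets_over_bound": needed - UINT104_MAX,
    }
```

With a nonzero fee, `excess_shares` is positive because DECIMALS / (DECIMALS + COMMISSION_FEE) is larger than (DECIMALS - COMMISSION_FEE) / DECIMALS, so the two formulas disagree about how many shares correspond to `type(uint104).max` assets.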

c4-judge commented 4 months ago

This auto-generated issue was withdrawn by Picodes