code-423n4 2024-04-panoptic-findings issues

code-423n4 / 2024-04-panoptic-findings

2 stars 2 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

User can avoid force exercise by front-running and mint/burn another position

#532 c4-bot-1 closed 2 months ago
2
No check if TWAP is outside of bounds for position exercise allows to steal from users

#531 c4-bot-8 closed 2 months ago
4
mintTokenizedPosition doesn't use slippage protection although slippageTickLimitLow, slippageTickLimitHigh are provided in parameters

#530 c4-bot-2 closed 2 months ago
2
There is no msg.value check while making deposit.

#529 c4-bot-9 closed 2 months ago
1
QA Report

#528 c4-bot-2 closed 2 months ago
1
Use of delegatecall in a payable function inside a loop

#527 c4-bot-4 closed 2 months ago
1
Liquidations can be DoS by removing liquidity from the respective position, in the UniswapV3 pool by creating long positions

#526 c4-bot-5 closed 2 months ago
3
Minted positions leg can be override leading to unexpected change in position.

#525 c4-bot-1 closed 2 months ago
3
Unsafe casting of `int256` to `uint256` can prompt the `s_settledTokens` mapping into a broken state

#524 c4-bot-5 closed 2 months ago
3
`PanopticFactory` can be bricked and become unusable

#523 c4-bot-8 opened 2 months ago
5
Discrepancies in in Token Conversion

#522 c4-bot-2 closed 2 months ago
2
Accounts with a large amount of position can become unliquidable, resulting in bad debt

#521 c4-bot-9 closed 2 months ago
4
Unsafe casting could prompt the critical functions of the Panoptic protocol into `DoS`

#520 c4-bot-10 closed 2 months ago
2
Option positions can be forced to be always `in-the-money` by manipulating UniswapV3 pool via flash loans

#519 c4-bot-2 closed 2 months ago
3
User can mint free shares by opening positions in the pool

#518 c4-bot-6 closed 2 months ago
2
The FullMath library is unable to handle intermediate overflows due to overflow that's desired but never reached

#517 c4-bot-8 closed 2 months ago
2
Wrong order in delta calculation in the `tickCumulatives` could result in wrong `twapTick` thus putting the protocol in a broken and undesirable state (insolvent state)

#516 c4-bot-6 closed 2 months ago
3
QA Report

#515 c4-bot-9 closed 2 months ago
1
Token Sorting Vulnerability in SemiFungiblePositionManager.sol

#514 c4-bot-9 closed 2 months ago
2
MaxLimit is not implemented in minting

#513 c4-bot-9 opened 2 months ago
4
`ValidateExerciseable` function logic leads to forceExercising ineligible positions

#512 c4-bot-9 closed 2 months ago
4
Inaccurate MEV Tax Calculation

#511 c4-bot-1 closed 2 months ago
1
Using delegatecall inside a loop. When calling delegatecall the same msg.value amount will be accredited multiple times.

#510 c4-bot-6 closed 2 months ago
1
Insufficient check in LeftRight.addcapped() which could lead to accounting flaw

#509 c4-bot-8 closed 2 months ago
6
One-Step Ownership Transfer Vulnerability

#508 c4-bot-8 closed 2 months ago
1
no verification of open positions before withdrawal of assets

#507 c4-bot-8 closed 2 months ago
2
`twapFilter()` may show incorrect price for negative ticks cause it doesn't round up for negative ticks

#506 c4-bot-1 closed 2 months ago
2
Lack of Correct Handling of Negative Utilization

#505 c4-bot-6 closed 2 months ago
1
QA Report

#504 c4-bot-4 closed 2 months ago
1
`intrinsicValue` during minting OTM short options is not strictly 0 due to rounding issues

#503 c4-bot-3 closed 2 months ago
3
Premium payed by long option holders may be locked in PanopticPool

#502 c4-bot-4 closed 2 months ago
5
CollateralTracker is not EIP4626 compliant: `maxMint` is calculated to be too large

#501 c4-bot-4 closed 2 months ago
8
SemiFungiblePositionManager/ERC1155Minimal is not EIP1155 compliant

#500 c4-bot-3 closed 2 months ago
5
QA Report

#499 c4-bot-7 closed 2 months ago
1
`_validatePositionList()` does not check for duplicate tokenIds, allowing attackers to bypass solvency checks

#498 c4-bot-3 opened 2 months ago
13
`SettleLongPremium` is incorrectly implemented: premium should be deducted instead of added

#497 c4-bot-6 opened 2 months ago
4
Hash collision in the `PanopticMath.updatePositionsHash` function could prompt wrong positions in the `positionIdList` to be validated

#496 c4-bot-3 closed 2 months ago
4
QA Report

#495 c4-bot-10 closed 2 months ago
1
Lack of Input Validation in Token Transfer Function

#494 c4-bot-2 closed 2 months ago
1
Missing deadline checks in CollateralTracker.sol crucial functions like the `deposit()` and `withdraw()`

#493 c4-bot-9 closed 2 months ago
3
Unable to burn tokenId with more than 2 legs inside

#492 c4-bot-9 closed 2 months ago
3
difference in calculation of values in `previewDeposit` and `previewMint` will return different vaules

#491 c4-bot-6 closed 2 months ago
2
QA Report

#490 c4-bot-7 opened 2 months ago
2
Depositors may lose entire assets deposited in `CollateralTracker` due to overflow in poolAssets

#489 c4-bot-1 closed 2 months ago
7
QA Report

#488 c4-bot-1 closed 2 months ago
1
In the addCapped there is no mechanism to reset the unfreeze the accumulators, and it will silentghly return the outdated/wrong values.

#487 c4-bot-5 closed 2 months ago
2
Lack of slippage protection allows to steal from users

#486 c4-bot-3 closed 2 months ago
7
Analysis

#485 c4-bot-9 closed 2 months ago
1
Incorrect validation of effectiveLiquidityLimitX32 in _checkLiquiditySpread()

#484 c4-bot-4 closed 2 months ago
3
In the swapInAMM the malicious actor could manipulate the sqrtPriceX96 in the slot0 which can cause an incorrect calculation.

#483 c4-bot-8 closed 2 months ago
4

Previous Next