code-423n4/2024-04-panoptic-findings
issues
User can avoid force exercise by front-running and mint/burn another position
#532
c4-bot-1
closed
2 months ago
2
No check if TWAP is outside of bounds for position exercise allows to steal from users
#531
c4-bot-8
closed
2 months ago
4
mintTokenizedPosition doesn't use slippage protection although slippageTickLimitLow, slippageTickLimitHigh are provided in parameters
#530
c4-bot-2
closed
2 months ago
2
There is no msg.value check while making deposit.
#529
c4-bot-9
closed
2 months ago
1
QA Report
#528
c4-bot-2
closed
2 months ago
1
Use of delegatecall in a payable function inside a loop
#527
c4-bot-4
closed
2 months ago
1
Liquidations can be DoS by removing liquidity from the respective position, in the UniswapV3 pool by creating long positions
#526
c4-bot-5
closed
2 months ago
3
Minted positions leg can be overridden leading to unexpected change in position.
#525
c4-bot-1
closed
2 months ago
3
Unsafe casting of `int256` to `uint256` can prompt the `s_settledTokens` mapping into a broken state
#524
c4-bot-5
closed
2 months ago
3
`PanopticFactory` can be bricked and become unusable
#523
c4-bot-8
opened
2 months ago
5
Discrepancies in Token Conversion
#522
c4-bot-2
closed
2 months ago
2
Accounts with a large amount of position can become unliquidable, resulting in bad debt
#521
c4-bot-9
closed
2 months ago
4
Unsafe casting could prompt the critical functions of the Panoptic protocol into `DoS`
#520
c4-bot-10
closed
2 months ago
2
Option positions can be forced to be always `in-the-money` by manipulating UniswapV3 pool via flash loans
#519
c4-bot-2
closed
2 months ago
3
User can mint free shares by opening positions in the pool
#518
c4-bot-6
closed
2 months ago
2
The FullMath library is unable to handle intermediate overflows due to overflow that's desired but never reached
#517
c4-bot-8
closed
2 months ago
2
Wrong order in delta calculation in the `tickCumulatives` could result in wrong `twapTick` thus putting the protocol in a broken and undesirable state (insolvent state)
#516
c4-bot-6
closed
2 months ago
3
QA Report
#515
c4-bot-9
closed
2 months ago
1
Token Sorting Vulnerability in SemiFungiblePositionManager.sol
#514
c4-bot-9
closed
2 months ago
2
MaxLimit is not implemented in minting
#513
c4-bot-9
opened
2 months ago
4
`ValidateExerciseable` function logic leads to forceExercising ineligible positions
#512
c4-bot-9
closed
2 months ago
4
Inaccurate MEV Tax Calculation
#511
c4-bot-1
closed
2 months ago
1
Using delegatecall inside a loop. When calling delegatecall the same msg.value amount will be accredited multiple times.
#510
c4-bot-6
closed
2 months ago
1
Insufficient check in LeftRight.addcapped() which could lead to accounting flaw
#509
c4-bot-8
closed
2 months ago
6
One-Step Ownership Transfer Vulnerability
#508
c4-bot-8
closed
2 months ago
1
no verification of open positions before withdrawal of assets
#507
c4-bot-8
closed
2 months ago
2
`twapFilter()` may show incorrect price for negative ticks cause it doesn't round up for negative ticks
#506
c4-bot-1
closed
2 months ago
2
Lack of Correct Handling of Negative Utilization
#505
c4-bot-6
closed
2 months ago
1
QA Report
#504
c4-bot-4
closed
2 months ago
1
`intrinsicValue` during minting OTM short options is not strictly 0 due to rounding issues
#503
c4-bot-3
closed
2 months ago
3
Premium paid by long option holders may be locked in PanopticPool
#502
c4-bot-4
closed
2 months ago
5
CollateralTracker is not EIP4626 compliant: `maxMint` is calculated to be too large
#501
c4-bot-4
closed
2 months ago
8
SemiFungiblePositionManager/ERC1155Minimal is not EIP1155 compliant
#500
c4-bot-3
closed
2 months ago
5
QA Report
#499
c4-bot-7
closed
2 months ago
1
`_validatePositionList()` does not check for duplicate tokenIds, allowing attackers to bypass solvency checks
#498
c4-bot-3
opened
2 months ago
13
`SettleLongPremium` is incorrectly implemented: premium should be deducted instead of added
#497
c4-bot-6
opened
2 months ago
4
Hash collision in the `PanopticMath.updatePositionsHash` function could prompt wrong positions in the `positionIdList` to be validated
#496
c4-bot-3
closed
2 months ago
4
QA Report
#495
c4-bot-10
closed
2 months ago
1
Lack of Input Validation in Token Transfer Function
#494
c4-bot-2
closed
2 months ago
1
Missing deadline checks in CollateralTracker.sol crucial functions like the `deposit()` and `withdraw()`
#493
c4-bot-9
closed
2 months ago
3
Unable to burn tokenId with more than 2 legs inside
#492
c4-bot-9
closed
2 months ago
3
difference in calculation of values in `previewDeposit` and `previewMint` will return different values
#491
c4-bot-6
closed
2 months ago
2
QA Report
#490
c4-bot-7
opened
2 months ago
2
Depositors may lose entire assets deposited in `CollateralTracker` due to overflow in poolAssets
#489
c4-bot-1
closed
2 months ago
7
QA Report
#488
c4-bot-1
closed
2 months ago
1
In the addCapped there is no mechanism to reset the unfreeze the accumulators, and it will silently return the outdated/wrong values.
#487
c4-bot-5
closed
2 months ago
2
Lack of slippage protection allows to steal from users
#486
c4-bot-3
closed
2 months ago
7
Analysis
#485
c4-bot-9
closed
2 months ago
1
Incorrect validation of effectiveLiquidityLimitX32 in _checkLiquiditySpread()
#484
c4-bot-4
closed
2 months ago
3
In the swapInAMM the malicious actor could manipulate the sqrtPriceX96 in the slot0 which can cause an incorrect calculation.
#483
c4-bot-8
closed
2 months ago
4