code-423n4 2024-06-panoptic-findings issues

code-423n4 / 2024-06-panoptic-findings

1 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

Delegatecal Loop : contracts/base/Multicall.sol#L12-L36

#51 howlbot-integration[bot] closed 1 month ago
1
Use of delegatecall Inside Loop in Payable Function within Multicall contract

#50 howlbot-integration[bot] closed 1 month ago
1
There is couple of issues with the privius code.

#49 howlbot-integration[bot] closed 1 month ago
1
Math.sol library uses the bitwise-xor operator instead of the exponentiation operator

#48 howlbot-integration[bot] closed 1 month ago
1
Incorrect Event Emission in Redeem Function

#47 howlbot-integration[bot] closed 1 month ago
1
the issue type ragarding expect return value for approve, transfer and we adding transfer from.

#46 howlbot-integration[bot] closed 1 month ago
1
Incorrect Assumption in FactoryNFT Can Lead to Reverts During Token URI Retrieval.

#45 howlbot-integration[bot] closed 4 weeks ago
2
Incorrect String Truncation in FactoryNFT Can Lead to Incomplete Panoptic Pool Addresses Within Metadata URI

#44 howlbot-integration[bot] closed 4 weeks ago
1
Integer Overflow in Metadata Access Logic ([bytes32("descriptions")])

#43 howlbot-integration[bot] closed 4 weeks ago
1
Integer Overflow in Pool ID Storage *unchecked Addition Can Lead to Incorrect Pool ID in SFPM

#42 howlbot-integration[bot] closed 4 weeks ago
2
UniswapV3 Callback Miscalculation in SFPM Risks Loss of Funds for Payers.

#41 howlbot-integration[bot] closed 4 weeks ago
2
Inaccurate Premium Accounting in SFPM Due to Incomplete Data Updates in registerTokenTransfer.

#40 howlbot-integration[bot] closed 4 weeks ago
2
Users should not be allowed to mint more positions than the limit

#39 howlbot-integration[bot] closed 1 month ago
1
`s_poolAssets` underflow in `CollateralTracker.sol` will lead to protocol failure

#38 howlbot-integration[bot] opened 1 month ago
7
Pool deployment can be DoS'd through price manipulation

#37 howlbot-integration[bot] closed 1 month ago
2
The `startToken` function in the `CollateralTracker` contract is missing a critical modifier to ensure that only the associated Panoptic pool can call it

#36 howlbot-integration[bot] closed 4 weeks ago
2
the lack of access controls on certain functions

#35 howlbot-integration[bot] closed 1 month ago
1
integer overflow.

#34 howlbot-integration[bot] closed 1 month ago
2
Sum vonalblity of smart contact

#33 howlbot-integration[bot] closed 1 month ago
1
Array length should be checked in MetadataStore.sol.

#32 howlbot-integration[bot] closed 1 month ago
1
Use of delegatecall in a payable function inside a loop

#31 howlbot-integration[bot] closed 1 month ago
1
Lack of overflow validation allows manipulation of s_poolAssets leading to incorrect totalAssets calculation

#30 howlbot-integration[bot] opened 1 month ago
4
The value of `FORCE_EXERCISE_COST` may be too low and make forced exercises very cheap

#29 howlbot-integration[bot] closed 1 month ago
2
Usage of Low-Level .call() Function

#28 howlbot-integration[bot] closed 1 month ago
1
After EIP-3074 owners would be unable to withdraw due to the `msg.sender != owner` check

#27 howlbot-integration[bot] closed 1 month ago
1
Users solvency validation are being erroneously executed since they are done on the basis of wrong tick data

#26 howlbot-integration[bot] opened 1 month ago
6
Issue M-02 not correctly fixed since the check is not inclusive

#25 howlbot-integration[bot] closed 4 weeks ago
1
`FactoryNFT#tokenURI()` does not comply with 721 since it doedne check if the tokenId is valid

#24 howlbot-integration[bot] closed 4 weeks ago
2
getChainName()'s implementation is somewhat broken on the Blast chain.

#23 howlbot-integration[bot] closed 4 weeks ago
2
The issue around validating the position list from the previous audit seems to have not been fixed

#22 howlbot-integration[bot] closed 4 weeks ago
2
Protocol is vulnerable to SVG JSON injection attacks

#21 howlbot-integration[bot] closed 1 month ago
2
I will describe a smart way to exploit the smart contract's totalAssets()

#20 howlbot-integration[bot] closed 1 month ago
1
`_validatePositionList()` positionIdList can still lead to forgery

#19 howlbot-integration[bot] closed 4 weeks ago
3
Approve race condition in Collateral Tracker

#18 howlbot-integration[bot] closed 1 month ago
2
safeERC20Symbol() function will always revert when interating with tokens that returns bytes32 as Symbol

#17 howlbot-integration[bot] closed 4 weeks ago
10
Usage of `slot0` is extremely easy to manipulate

#16 howlbot-integration[bot] closed 1 month ago
2
The `tokenURI` function doesn't verify if a token ID is valid before returning its metadata. This means it could return data for a fake or non existent NFT.

#15 howlbot-integration[bot] closed 1 month ago
2
Missing return values in `assertMinCollateralValues` function causes difficulty in slippage checks

#14 howlbot-integration[bot] closed 4 weeks ago
2
Unhandled return value of transferFrom in contracts/CollateralTracker.sol

#13 howlbot-integration[bot] closed 4 weeks ago
1
[M-01] Potential Division by Zero or Unintended Behavior Due to Close Asset Values in the `revoke` function

#12 howlbot-integration[bot] closed 4 weeks ago
2
Uninitialized Variable in _getRequiredCollateralSingleLegPartner Function May Lead to Incorrect Collateral Calculations

#11 howlbot-integration[bot] closed 4 weeks ago
2
Division by Zero in _computeSpread Function Leads to Potential Runtime Errors and Incorrect Collateral Calculations

#10 howlbot-integration[bot] closed 4 weeks ago
11
Inaccurate Collateral Calculation in _computeSpread Function Due to Insufficient Zero Difference Handling

#9 howlbot-integration[bot] closed 4 weeks ago
1
Incorrect Validation in _updatePositionsHash Function Allows Exceeding Maximum Positions Limit by One

#8 howlbot-integration[bot] closed 4 weeks ago
2
Lack of Validation for positionIdList in mintOptions Function Can Lead to Errors and Potential Exploits

#7 howlbot-integration[bot] closed 4 weeks ago
1
Incorrect Validation for tickLimitLow and tickLimitHigh Causing Potential Slippage Check Failures

#6 howlbot-integration[bot] closed 4 weeks ago
1
M-02 from past audit not completely fixed. Users can still bypass solvency checks when settling long premium

#5 howlbot-integration[bot] closed 4 weeks ago
7
JSON injection and xss through ERC20 symbol when generating `tokenUri`

#4 howlbot-integration[bot] closed 1 month ago
2
SFPM does not update `s_accountPremiumOwed` or 's_accountPremiumGross` accumulators while transferring position

#3 howlbot-integration[bot] closed 4 weeks ago
2
Updates

#2 liveactionllama closed 1 month ago
0