code-423n4 2024-06-panoptic-validation issues

code-423n4 / 2024-06-panoptic-validation

0 stars 0 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

HM issue validation

#56 CloudEllie opened 4 months ago
0
SFPM does not update `s_accountPremiumOwed` or 's_accountPremiumGross` accumulators while transferring position

#55 c4-bot-1 opened 5 months ago
0
JSON injection and xss through ERC20 symbol when generating `tokenUri`

#54 c4-bot-1 opened 5 months ago
0
M-02 from past audit not completely fixed. Users can still bypass solvency checks when settling long premium

#53 c4-bot-1 opened 5 months ago
0
Incorrect Validation for tickLimitLow and tickLimitHigh Causing Potential Slippage Check Failures

#52 c4-bot-8 opened 5 months ago
0
Lack of Validation for positionIdList in mintOptions Function Can Lead to Errors and Potential Exploits

#51 c4-bot-3 opened 5 months ago
0
Incorrect Validation in _updatePositionsHash Function Allows Exceeding Maximum Positions Limit by One

#50 c4-bot-10 opened 5 months ago
0
Inaccurate Collateral Calculation in _computeSpread Function Due to Insufficient Zero Difference Handling

#49 c4-bot-4 opened 5 months ago
0
Division by Zero in _computeSpread Function Leads to Potential Runtime Errors and Incorrect Collateral Calculations

#48 c4-bot-1 opened 5 months ago
0
Uninitialized Variable in _getRequiredCollateralSingleLegPartner Function May Lead to Incorrect Collateral Calculations

#47 c4-bot-5 opened 5 months ago
0
[M-01] Potential Division by Zero or Unintended Behavior Due to Close Asset Values in the `revoke` function

#46 c4-bot-9 opened 5 months ago
0
Unhandled return value of transferFrom in contracts/CollateralTracker.sol

#45 c4-bot-9 opened 5 months ago
0
Missing return values in `assertMinCollateralValues` function causes difficulty in slippage checks

#44 c4-bot-1 opened 5 months ago
0
The `tokenURI` function doesn't verify if a token ID is valid before returning its metadata. This means it could return data for a fake or non existent NFT.

#43 c4-bot-4 opened 5 months ago
0
Usage of `slot0` is extremely easy to manipulate

#42 c4-bot-7 opened 5 months ago
0
safeERC20Symbol() function will always revert when interating with tokens that returns bytes32 as Symbol

#41 c4-bot-8 opened 5 months ago
0
Approve race condition in Collateral Tracker

#40 c4-bot-10 opened 5 months ago
0
`_validatePositionList()` positionIdList can still lead to forgery

#39 c4-bot-1 opened 5 months ago
0
I will describe a smart way to exploit the smart contract's totalAssets()

#38 c4-bot-3 opened 5 months ago
0
Protocol is vulnerable to SVG JSON injection attacks

#37 c4-bot-9 opened 5 months ago
0
The issue around validating the position list from the previous audit seems to have not been fixed

#36 c4-bot-2 opened 5 months ago
0
getChainName()'s implementation is somewhat broken on the Blast chain.

#35 c4-bot-5 opened 5 months ago
0
`FactoryNFT#tokenURI()` does not comply with 721 since it doedne check if the tokenId is valid

#34 c4-bot-2 opened 5 months ago
0
Issue M-02 not correctly fixed since the check is not inclusive

#33 c4-bot-5 opened 5 months ago
0
Users solvency validation are being erroneously executed since they are done on the basis of wrong tick data

#32 c4-bot-5 opened 5 months ago
0
After EIP-3074 owners would be unable to withdraw due to the `msg.sender != owner` check

#31 c4-bot-7 opened 5 months ago
0
Usage of Low-Level .call() Function

#30 c4-bot-2 opened 5 months ago
0
The value of `FORCE_EXERCISE_COST` may be too low and make forced exercises very cheap

#29 c4-bot-10 opened 5 months ago
0
Lack of overflow validation allows manipulation of s_poolAssets leading to incorrect totalAssets calculation

#28 c4-bot-10 opened 5 months ago
0
Use of delegatecall in a payable function inside a loop

#27 c4-bot-4 opened 5 months ago
0
Array length should be checked in MetadataStore.sol.

#26 c4-bot-1 opened 5 months ago
0
QA Report

#25 c4-bot-3 opened 5 months ago
1
Sum vonalblity of smart contact

#24 c4-bot-6 opened 5 months ago
0
integer overflow.

#23 c4-bot-3 opened 5 months ago
0
the lack of access controls on certain functions

#22 c4-bot-3 opened 5 months ago
0
QA Report

#21 c4-bot-2 opened 5 months ago
1
The `startToken` function in the `CollateralTracker` contract is missing a critical modifier to ensure that only the associated Panoptic pool can call it

#20 c4-bot-7 opened 5 months ago
0
Pool deployment can be DoS'd through price manipulation

#19 c4-bot-5 opened 5 months ago
0
`s_poolAssets` underflow in `CollateralTracker.sol` will lead to protocol failure

#18 c4-bot-10 opened 5 months ago
0
Users should not be allowed to mint more positions than the limit

#17 c4-bot-6 opened 5 months ago
0
Inaccurate Premium Accounting in SFPM Due to Incomplete Data Updates in registerTokenTransfer.

#16 c4-bot-8 opened 5 months ago
0
UniswapV3 Callback Miscalculation in SFPM Risks Loss of Funds for Payers.

#15 c4-bot-3 opened 5 months ago
0
Integer Overflow in Pool ID Storage *unchecked Addition Can Lead to Incorrect Pool ID in SFPM

#14 c4-bot-5 opened 5 months ago
0
Integer Overflow in Metadata Access Logic ([bytes32("descriptions")])

#13 c4-bot-2 opened 5 months ago
0
Incorrect String Truncation in FactoryNFT Can Lead to Incomplete Panoptic Pool Addresses Within Metadata URI

#12 c4-bot-3 opened 5 months ago
0
Incorrect Assumption in FactoryNFT Can Lead to Reverts During Token URI Retrieval.

#11 c4-bot-5 opened 5 months ago
0
the issue type ragarding expect return value for approve, transfer and we adding transfer from.

#10 c4-bot-6 opened 5 months ago
0
Incorrect Event Emission in Redeem Function

#9 c4-bot-4 opened 5 months ago
0
Math.sol library uses the bitwise-xor operator instead of the exponentiation operator

#8 c4-bot-4 opened 5 months ago
0
There is couple of issues with the privius code.

#7 c4-bot-10 opened 5 months ago
0