Skip to content

Issues: code-423n4/2024-04-panoptic-findings

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

66 Open 515 Closed
66 Open 515 Closed
Author
Filter by author
Loading
Label
Filter by label
Loading
Use alt + click/return to exclude labels
or + click/return for logical OR
Projects
Filter by project
Loading
Milestones
Filter by milestone
Loading
Assignee
Filter by who’s assigned
Sort
Sort by
Newest Oldest Most commented Least commented Recently updated Least recently updated Best match
Most reactions
👍 👎 😄 🎉 😕 ❤️ 🚀 👀

Issues list

Attacker can mint long position with dust amount to make a loss to protocol bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-313 grade-b Q-01 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_352_group AI based duplicate group recommendation
#581 opened Apr 22, 2024 by c4-bot-6
4
Nondeterministic clone can cause issues in case of reorg bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a primary issue Highest quality submission among a set of duplicates Q-02 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#573 opened Apr 22, 2024 by c4-bot-1
6
QA Report bug Something isn't working grade-a Q-03 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax selected for report This submission will be included/highlighted in the audit report
#568 opened Apr 22, 2024 by c4-bot-8
4
Return values of approve() not checked bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#565 opened Apr 22, 2024 by c4-bot-4
2
QA Report bug Something isn't working grade-b Q-05 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#563 opened Apr 22, 2024 by c4-bot-4
1
QA Report bug Something isn't working grade-a Q-04 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#560 opened Apr 22, 2024 by c4-bot-6
2
maxMint() violates EIP-4626 bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-501 grade-b Q-06 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_61_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#553 opened Apr 22, 2024 by c4-bot-2
7
QA Report bug Something isn't working grade-b Q-07 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#548 opened Apr 22, 2024 by c4-bot-8
1
Lack of Arbitrum Sequencer Uptime Checks in CollateralTracker Contract bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#546 opened Apr 22, 2024 by c4-bot-8
1
QA Report bug Something isn't working grade-a Q-08 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#542 opened Apr 22, 2024 by c4-bot-9
1
Median is not updated when burning a position, which can result in an inaccurate solvency check bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#540 opened Apr 22, 2024 by c4-bot-9
10
PanopticFactory uses spot price when deploying new pools, resulting in liquidity manipulation when minting 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-01 primary issue Highest quality submission among a set of duplicates 🤖_30_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#537 opened Apr 22, 2024 by c4-bot-7
8
haircutPremia will not cover protocol losses using liquidatee long premiums bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-09 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_242_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#534 opened Apr 22, 2024 by c4-bot-6
5
PanopticFactory can be bricked and become unusable bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-a primary issue Highest quality submission among a set of duplicates QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_16_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#523 opened Apr 22, 2024 by c4-bot-8
5
MaxLimit is not implemented in minting bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue duplicate-501 grade-b Q-10 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_61_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards
#513 opened Apr 22, 2024 by c4-bot-9
4
_validatePositionList() does not check for duplicate tokenIds, allowing attackers to bypass solvency checks 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue M-02 primary issue Highest quality submission among a set of duplicates 🤖_178_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#498 opened Apr 22, 2024 by c4-bot-3
13
SettleLongPremium is incorrectly implemented: premium should be deducted instead of added 3 (High Risk) Assets can be stolen/lost/compromised directly bug Something isn't working H-01 primary issue Highest quality submission among a set of duplicates 🤖_98_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report
#497 opened Apr 22, 2024 by c4-bot-6
4
QA Report bug Something isn't working grade-b Q-11 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#490 opened Apr 22, 2024 by c4-bot-7
2
CREATE2 address collision during pool deployment allows for complete draining of the pool 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working edited-by-warden M-03 primary issue Highest quality submission among a set of duplicates 🤖_99_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor acknowledged Technically the issue is correct, but we're not going to resolve it for XYZ reasons
#482 opened Apr 22, 2024 by c4-bot-10
5
Incorrect validation during checking liquidity spread 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-04 🤖_479_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#479 opened Apr 22, 2024 by c4-bot-10
2
Malicious users will purchase dust amount of options to prevent option sellers from burning their options bug Something isn't working downgraded by judge Judge downgraded the risk level of this issue grade-b primary issue Highest quality submission among a set of duplicates Q-12 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax 🤖_312_group AI based duplicate group recommendation sponsor disputed Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
#473 opened Apr 22, 2024 by c4-bot-10
6
Panoptic pool can be non-profitable by specific Uniswap governance 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-05 primary issue Highest quality submission among a set of duplicates 🤖_138_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#469 opened Apr 22, 2024 by c4-bot-7
4
_updateSettlementPostBurn() may not correctly reduce s_grossPremiumLast[chunkKey] 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-06 satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#462 opened Apr 22, 2024 by c4-bot-10
2
When Burning a Tokenized Position validate should be done before flipping the isLong bits in _validateAndForwardToAMM() 2 (Med Risk) Assets not at direct risk, but function/availability of the protocol could be impacted or leak value bug Something isn't working M-07 🤖_97_group AI based duplicate group recommendation satisfactory satisfies C4 submission criteria; eligible for awards selected for report This submission will be included/highlighted in the audit report sponsor confirmed Sponsor agrees this is a problem and intends to fix it (OK to use w/ "disagree with severity")
#459 opened Apr 22, 2024 by c4-bot-4
3
QA Report bug Something isn't working grade-a Q-14 QA (Quality Assurance) Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
#446 opened Apr 22, 2024 by c4-bot-9
1
ProTip! Adding no:label will show everything without a label.