User can avoid force exercise by front-running and mint/burn another position #532
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-352
grade-b
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_352_group
AI based duplicate group recommendation
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L1268
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L893
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L1367-#L1395
Vulnerability details
Vulnerability details
When calling
forceExercise()
function,_validateSolvency()
is called to check positionIdList ofaccount
:It will validate position list of
account
:This function will revert if hash is incorrect:
And the hash is updated whenever nwe position of user is updated/removed by calling
_updatePositionsHash()
function:It lead to scenario that
account
can avoid being forced to execute by minting/burning other option that to make sure numbers of option of the user is is smaller thanMAX_POSITIONS
Impact
Option can be avoid to be force executed, user's funds is locked.
Tools Used
Manual review
Recommended Mitigation Steps
Mechanism related to hash of position list should be changed.
Assessed type
Context
The text was updated successfully, but these errors were encountered: