Platform: Code4rena
Start Date: 27/11/2023
Pot Size: $60,500 USDC
Total HM: 7
Participants: 72
Period: 7 days
Judge: Picodes
Total Solo HM: 2
Id: 309
League: ETH
Rank: 63/72
Findings: 1
Award: $11.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: osmanozdemir1
Also found by: 0xCiphky, Audinarey, Banditx0x, CRYP70, Cryptor, D1r3Wolf, KupiaSec, LokiThe5th, Sathish9098, Skylice, ThenPuli, Topmark, Udsen, ZanyBonzy, baice, ether_sky, fatherOfBlocks, foxb868, grearlake, hihen, hubble, hunter_w3b, lanrebayode77, leegh, lsaudit, minhtrng, nocoder, onchain-guardians, ptsanev, ro1sharkm, seaton0x1, sivanesh_808, t4sk, tapir, tpiliposian, ustas
11.3163 USDC - $11.32
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L519-L533 https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L485-L500
Front running is a constant attack which occurs on AMM protocols and as a result, allowing the user to specify a deadline is useful to ensure that a transaction is not able to be maliciously executed. Because there is no check, it could be more profitable for a validator to deny the transaction from executing which results in the maximum amount of slippage or executing a transaction at an unfavourable time for the user.
_mintTokenizedPosition:
_burnTokenizedPosition:
Manual review
Recommend including a deadline parameter and asserting that the transaction is executed before this time.
MEV
#0 - c4-judge
2023-12-14T14:42:07Z
Picodes marked the issue as duplicate of #233
#1 - c4-judge
2023-12-26T00:28:09Z
Picodes changed the severity to QA (Quality Assurance)