Panoptic - John_Femi's results

Permissionless, perpetual options trading on any token, any strike, any size.

General Information

Platform: Code4rena

Start Date: 01/04/2024

Pot Size: $120,000 USDC

Total HM: 11

Participants: 55

Period: 21 days

Judge: Picodes

Total Solo HM: 6

Id: 354

League: ETH

Researcher Performance

Rank: 36/55

Findings: 1

Award: $32.96

🌟 Selected for report: 0

🚀 Solo Findings: 0

Awards

32.9585 USDC - $32.96

Labels

bug
downgraded by judge
grade-b
QA (Quality Assurance)
satisfactory
:robot:_61_group
duplicate-501
Q-10

External Links

Lines of code

https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L480

Vulnerability details

Impact

The maxMint function is intended to limit the amount of shares that can be minted based on the total supply of shares and the current pool utilization. The absence of proper use of maxMint could lead to scenarios where users are able to mint more shares than intended, potentially leading to imbalances in the system or even allowing for the minting of an excessive number of shares beyond the protocol's limits. This has a low impact on the imbalance of tokens in the system but a high possibility.

Proof of Concept

https://github.com/code-423n4/2024-04-panoptic/blob/main/contracts/CollateralTracker.sol#L480

type(uint104).max > [assets to be minted] > maxMint

and type(uint104).max * totalSupply / totalAssets * dec / (dec + fee) <= maxMint

so for totalSupply <= totalAssets,

we can say maxMint < type(uint104).max

then the first can be true at any time

Tools Used

Manual Review

The function should ensure that the maximum number of shares that can be minted does not exceed the protocol's set limits, as defined by maxMint.

Assessed type

Other

#0 - c4-judge

2024-04-25T20:46:17Z

Picodes marked the issue as duplicate of #553

#1 - c4-judge

2024-04-29T21:38:21Z

Picodes marked the issue as satisfactory

#2 - c4-judge

2024-05-09T19:15:20Z

Picodes changed the severity to QA (Quality Assurance)

#3 - c4-judge

2024-05-10T00:09:05Z

Picodes marked the issue as grade-b
