Panoptic - catellatech's results

<div align="center"> <h1> Panoptic</h1> <h5>Effortless options trading on any token, any strike, any size.</h5> </div>

Index

• Index
• 1. Panoptic: A Comprehensive Overview
• 2. All the contracts and the analyses of them
  • 1. SemiFungiblePositionManager Contract :
  • 2. ERC1155Minimal Contract:
  • 3. LeftRight Contract:
  • 4. LiquidityChunk Contract:
  • 5. TokenId Contract:
  • 6. CallbackLib Contract:
  • 7. Constants Contract :
  • 8. Errors Contract:
  • 9. FeesCalc Contract:
  • 10. Math Contract:
  • 11. PanopticMath Contract:
  • 12. SafeTransferLib Contract:
  • 13. Multicall Contract:
• 3. Panoptic Architecture
• 4. Systemic Risks
• 5. Security Approach of the Project
• New insights and learnings from the Panoptic project
  • Handling Positions in Uniswap V3:
  • Interaction with Uniswap and Extended Functionality:
  • Gas Efficiency:
  • Options Integration:

The Process and Steps We Followed for Codebase Evaluation

Our approach to analyzing the source code of the Panoptic Protocol was to simplify the information provided by the protocol, using a variety of diagrams to visually clarify the project's key contracts and break down each important part of these contracts. This enhances understanding for developers, security researchers, and users alike. We identified the fundamental concepts and employed simpler language to explain the functionality and goals of the Panoptic Protocol. Furthermore, we organized the information logically into separate sections, each with identifying titles, to provide a clear overall picture of the subject. Our primary goal was to make the information more accessible and easy to understand.

1. Panoptic: A Comprehensive Overview

Panoptic is the perpetual, oracle-free options protocol, addresses the limitation of Uniswap v3 by introducing an innovative solution that enables Liquidity Providers to earn additional yields by lending their liquidity tokens. This is achieved through a Semi-Fungible Position Manager, allowing LPs to earn beyond traditional fees by participating in Panoptic's options market.

2. All the contracts and the analyses of them

The scope provided by the protocol involved 3 contracts and 10 libraries. Let's take a closer look at each of them:

1. SemiFungiblePositionManager Contract :

• The core functionality of Panoptic, the SemiFungiblePositionManager (SFPM) is a gas-efficient alternative to Uniswap's NonFungiblePositionManager (NFPM). It efficiently manages complex, multi-leg Uniswap positions encoded in ERC1155 tokenIds. The SFPM facilitates swaps, allowing users to mint positions with only one type of token. Importantly, it supports the minting of both typical LP positions, where liquidity is added to Uniswap, and "long" positions, where Uniswap liquidity is burnt. While it is a core component of the Panoptic V1 protocol, the SFPM can also function as a standalone liquidity manager available for use by any user or protocol.

2. ERC1155Minimal Contract:

• A simplified realization of the ERC1155 token standard, focusing on essential functionality without including metadata features.

3. LeftRight Contract:

• Design and implementation of specialized data structures capable of storing two 128-bit numerical values.

4. LiquidityChunk Contract:

• Design and implementation of a tailored data type capable of representing a Uniswap liquidity chunk with specific attributes, including tickLower, tickUpper, and liquidity.

5. TokenId Contract:

• Implementation of a customized data type utilized in the Semi-Fungible Position Manager (SFPM) and Panoptic to encode position data within 256-bit ERC1155 tokenIds. This data type encompasses a pool identifier and accommodates up to four complete position legs.

6. CallbackLib Contract:

• Library for verifying and decoding callbacks from Uniswap.

7. Constants Contract :

• Library of Constants used in Panoptic.

💡Note: We did not create diagrams for this library as we believe its description is clear enough. However, if someone reading this is not familiar with the concept, constant variables are those whose value remains unchanged. In this case, they have been written in a separate file to maintain code readability and organization.

8. Errors Contract:

• Stores all custom errors utilized in the core contracts of Panoptic.

💡Note: As for the "constants" library, we refrained from creating diagrams as its purpose is quite clear.

9. FeesCalc Contract:

• Utility for calculating current swap fees for liquidity chunks.

10. Math Contract:

• Library containing generic math functions, including abs(), mulDiv, etc.

11. PanopticMath Contract:

• Library encompassing advanced Panoptic/Uniswap-specific functionality, including features such as TWAP, price conversions, and position sizing math.

12. SafeTransferLib Contract:

• Safe ERC20 transfer library designed to handle token transfers gracefully, even in scenarios where return values might be missing.

13. Multicall Contract:

• Abstract contract the extends inheriting contracts with a function enabling the execution of multiple calls within a single transaction.

3. Panoptic Architecture

4. Systemic Risks

When reviewing the source code and documentation, we encountered questions where we could highlight certain aspects that we find important regarding potential systemic risks

• Security of ERC-20:

  • Ensure that ERC-20 token transfer operations are secure and avoid potential vulnerabilities such as reentrancy.

  • Carefully validate the results of operations and handle possible errors appropriately.

• Complexity and Efficiency:

  • Consider gas efficiency, especially in critical operations such as transfers and mathematical calculations.

• Testing:

  • The audit scope of the contracts to be reviewed is 100% but we recommended to make a test suite of invariants tests in the future to increase the safety of the project and to validate the code's robustness.

5. Security Approach of the Project

What the project can add in the understanding of security:

• After the Code4rena audit is completed and the project is live, I recommend the audit process to continue, projects like immunefi.

New insights and learnings from the Panoptic project

Handling Positions in Uniswap V3:

The introduction of the SemiFungiblePositionManager addresses the limitation of LP tokens in Uniswap V3, allowing Liquidity Providers to earn additional returns by lending their LP tokens.

Interaction with Uniswap and Extended Functionality:

Specific functions are provided to interact with Uniswap V3, calculate fees, manage complex positions, and perform advanced operations.

Gas Efficiency:

Gas efficiency is emphasized in various contracts, such as SafeTransferLib, which handles secure transfers of ERC-20 tokens efficiently.

Options Integration:

The protocol seems to incorporate functionalities related to financial options, allowing LPs to earn additional returns from options buyers.

Time spent:

15 hours