Platform: Code4rena
Start Date: 27/11/2023
Pot Size: $60,500 USDC
Total HM: 7
Participants: 72
Period: 7 days
Judge: Picodes
Total Solo HM: 2
Id: 309
League: ETH
Rank: 65/72
Findings: 1
Award: $11.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: osmanozdemir1
Also found by: 0xCiphky, Audinarey, Banditx0x, CRYP70, Cryptor, D1r3Wolf, KupiaSec, LokiThe5th, Sathish9098, Skylice, ThenPuli, Topmark, Udsen, ZanyBonzy, baice, ether_sky, fatherOfBlocks, foxb868, grearlake, hihen, hubble, hunter_w3b, lanrebayode77, leegh, lsaudit, minhtrng, nocoder, onchain-guardians, ptsanev, ro1sharkm, seaton0x1, sivanesh_808, t4sk, tapir, tpiliposian, ustas
11.3163 USDC - $11.32
swapATMint call is not called when tickLimitLow <= tickLimitHigh which isn't evident by the comments
The comment here doesn't mention the fact that swapInAMM should only be called when swapATMint is true and when tickLimitLow > tickLimitHigh
manual review
either update the comment or the if condition
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L407 https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L441 https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L1200 https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L1073
Events are necessary for these functions for better logging since there are multiple things happening in each method in the contract
manual review
add missing events
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L351 https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L482 https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L516
Lack of input validation would delay reverting of a transaction for invalid inputs, so ideally a tx could be reverted early and gas could be saved
manual review
add missing input validation checks
Event is emitted before the function ends, so an event can be emitted and still the function could revert. If there is any off-chain node or server that is looking for the event emission, then they can mistakenly consider that the function is completed, but instead the function could revert
manual review
move the event emission to the end of the function.
uint256
The code is using uint256 a lot of times, which is not good to use. The maximum number of legs is 4 and still the code is using uint256 to save the number of legs, you can see it here. This is not an efficient way; use a lower value of uint, as more uints can be stored in a single slot
manual review
use lower value for uint
#0 - c4-judge
2023-12-14T16:58:09Z
Picodes marked the issue as grade-b