Platform: Code4rena
Start Date: 27/11/2023
Pot Size: $60,500 USDC
Total HM: 7
Participants: 72
Period: 7 days
Judge: Picodes
Total Solo HM: 2
Id: 309
League: ETH
Rank: 52/72
Findings: 1
Award: $11.32
🌟 Selected for report: 0
🚀 Solo Findings: 0
🌟 Selected for report: osmanozdemir1
Also found by: 0xCiphky, Audinarey, Banditx0x, CRYP70, Cryptor, D1r3Wolf, KupiaSec, LokiThe5th, Sathish9098, Skylice, ThenPuli, Topmark, Udsen, ZanyBonzy, baice, ether_sky, fatherOfBlocks, foxb868, grearlake, hihen, hubble, hunter_w3b, lanrebayode77, leegh, lsaudit, minhtrng, nocoder, onchain-guardians, ptsanev, ro1sharkm, seaton0x1, sivanesh_808, t4sk, tapir, tpiliposian, ustas
11.3163 USDC - $11.32
The project contains many instances of code that can loop indefinitely, leading to exhaustion of gas and transaction failure if the number of loops is excessive.
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/tokens/ERC1155Minimal.sol#L178-L191
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/multicall/Multicall.sol#L14-L35
Limit the number of loops and recommend that users process in batches.
Many contracts within the project use a floating pragma version, which could lead to compatibility issues with different compiler versions. It's advisable to specify a fixed compiler version in the pragma directive for greater consistency and safety.
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/tokens/ERC1155Minimal.sol#L2
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/types/LeftRight.sol#L2
Input addresses should be checked against address(0) to prevent unexpected behavior.
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol#L351-L396
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/tokens/ERC1155Minimal.sol#L77-L81
The lack of a two-step procedure for critical operations leaves them error-prone.
Consider adding a two-step pattern and a timelock on critical changes to avoid modifying the system state.
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/tokens/ERC1155Minimal.sol#L77-L81
Adding an event will facilitate offchain monitoring when changing system parameters.
Events that mark critical parameter changes should contain both the old and the new value.
Some functions return named variables, others return explicit values.
The following function returns an explicit value.
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/tokens/ERC1155Minimal.sol#L200-L204
The following function returns a named variable.
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/tokens/ERC1155Minimal.sol#L178-L191
https://github.com/code-423n4/2023-11-panoptic/blob/main/contracts/SemiFungiblePositionManager.sol
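The recommendations above on zero-address checks, two-step changes with a timelock, events carrying old and new values, and a pinned pragma, combined in one added example that is not part of the original report or of the Panoptic code base. The contract, the `feeRecipient` parameter, the 2-day delay and the compiler version are all assumptions chosen for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.18; // pinned version (assumed), not a floating ^0.8.0

// Hypothetical contract for illustration; not Panoptic code.
contract TimelockedParam {
    uint256 public constant DELAY = 2 days; // assumed timelock length
    address public immutable admin;

    address public feeRecipient;        // hypothetical critical parameter
    address public pendingFeeRecipient; // queued value, address(0) when none
    uint256 public eta;                 // earliest timestamp the queued value may apply

    event FeeRecipientQueued(address indexed oldValue, address indexed newValue, uint256 applyAfter);
    event FeeRecipientChanged(address indexed oldValue, address indexed newValue);

    error NotAdmin();
    error ZeroAddress();
    error NothingQueued();
    error TooEarly(uint256 applyAfter);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor(address initialRecipient) {
        if (initialRecipient == address(0)) revert ZeroAddress();
        admin = msg.sender;
        feeRecipient = initialRecipient;
        emit FeeRecipientChanged(address(0), initialRecipient);
    }

    // Step 1: queue the change; the value in use is untouched.
    function queueFeeRecipient(address newValue) external onlyAdmin {
        if (newValue == address(0)) revert ZeroAddress();
        pendingFeeRecipient = newValue;
        eta = block.timestamp + DELAY;
        emit FeeRecipientQueued(feeRecipient, newValue, eta);
    }

    // Step 2: apply only after the delay, emitting both old and new values.
    function applyFeeRecipient() external onlyAdmin {
        address newValue = pendingFeeRecipient;
        if (newValue == address(0)) revert NothingQueued();
        if (block.timestamp < eta) revert TooEarly(eta);
        emit FeeRecipientChanged(feeRecipient, newValue);
        feeRecipient = newValue;
        delete pendingFeeRecipient;
    }
}
```

Off-chain monitoring can alert on `FeeRecipientQueued` and compare its `newValue` with the expected address before the delay expires.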
#0 - c4-judge
2023-12-14T16:55:37Z
Picodes marked the issue as grade-b