-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Error in maxMint
calculation
#370
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-501
grade-b
Q-23
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_61_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Comments
c4-bot-8
added
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug
Something isn't working
labels
Apr 22, 2024
Picodes marked the issue as duplicate of #553 |
Picodes marked the issue as not a duplicate |
Picodes marked the issue as primary issue |
c4-judge
added
the
primary issue
Highest quality submission among a set of duplicates
label
Apr 25, 2024
actually is dup #553 , conf'd there |
dyedm1
added
the
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
label
Apr 29, 2024
c4-judge
added
duplicate-553
and removed
primary issue
Highest quality submission among a set of duplicates
labels
Apr 29, 2024
Picodes marked the issue as duplicate of #553 |
Picodes marked the issue as satisfactory |
c4-judge
added
satisfactory
satisfies C4 submission criteria; eligible for awards
duplicate-501
and removed
duplicate-553
labels
Apr 29, 2024
c4-judge
added
downgraded by judge
Judge downgraded the risk level of this issue
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
and removed
2 (Med Risk)
Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
labels
May 9, 2024
Picodes changed the severity to QA (Quality Assurance) |
Picodes marked the issue as grade-b |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-501
grade-b
Q-23
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
🤖_61_group
AI based duplicate group recommendation
satisfactory
satisfies C4 submission criteria; eligible for awards
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/CollateralTracker.sol#L446
Vulnerability details
The calculation of the maximum shares received for a deposit in
CollateralTracker.sol
is incorrect.In the
mint()
function, the assets received for a mint are being calculated using thepreviewMint()
function, which has a mismatch with the currentmaxMint()
function in the scenario in which the max possible assets are being deposited for the mint.Impact
Detailed description of the impact of this finding.
Proof of Concept
Currently the
maxMint()
function calculates the max shares as follows :and
previewMint()
calculates the assets received as :The derived formula does not match the formula used in
maxMint()
leading to incorrect calculation of shares.Tools Used
Manual Review
Recommended Mitigation Steps
The text was updated successfully, but these errors were encountered: