Premia owed Skipped for Long Positions with No Current Liquidity in pool #190
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-211
edited-by-warden
grade-a
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Lines of code
https://github.com/code-423n4/2023-11-panoptic/blob/f75d07c345fd795f907385868c39bafcd6a56624/contracts/SemiFungiblePositionManager.sol#L936
https://github.com/code-423n4/2023-11-panoptic/blob/f75d07c345fd795f907385868c39bafcd6a56624/contracts/SemiFungiblePositionManager.sol#L1200
Vulnerability details
Vulnerability Details:
In the protocol, uniswap fees and premia for a position's legs are calculated within the
_collectAndWritePositionData
function, which is invoked by_createLegInAMM
. This latter function handles both minting and burning of token positions. The protocol performs a check for existing liquidity before collecting accumulated fees, if there isn’t any it skips over the function.However, an issue exists in the case of creating a long position (
isLong == 1
), where the entire current liquidity is used up, leading to acurrentLiquidity.rightSlot()
being zero:In this scenario, the next check for existing liquidity in
_createLegInAMM
would skip the _collectAndWritePositionData function. This is fine for the uniswap fees as no additional fees would have been accumulated with zero liquidity in the pool, however since_collectAndWritePositionData
deals with the premia owed as well, the open long’s owed premia will not be accounted for in that time slot.Impact:
Tools Used:
Manual analysis
Recommendation:
The protocol should revise its logic to ensure that premia owed by users are consistently accounted for, regardless of the liquidity status in a position.
Assessed type
Other
The text was updated successfully, but these errors were encountered: