Premium computation is wrong when user go full long on a positionKey #483
Labels
bug
Something isn't working
downgraded by judge
Judge downgraded the risk level of this issue
duplicate-211
grade-b
Q-08
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
sponsor disputed
Sponsor cannot duplicate the issue, or otherwise disagrees this is an issue
Lines of code
https://github.com/code-423n4/2023-11-panoptic/blob/f75d07c345fd795f907385868c39bafcd6a56624/contracts/SemiFungiblePositionManager.sol#L1255-L1329
Vulnerability details
Impact
Premium computation is wrong when user want to create a long position. Any protocol that will be created on top of sfpm cannot rely on premium computation of sfpm.
For instance, an user want to short an lp position by first minting an liquidity position on uniswap v3 through sfpm, and then going long (isLong = 1) on the entire liquidity minted previously. In that case,
getAccountPremium
of sfpm will always return 0 for both tokens. In that case, the premium should befeeGrowthX128 * T * (1+ spread)
.Proof of Concept
Tools Used
Recommended Mitigation Steps
Forbid going long on the entire liquidity minted.
Assessed type
Invalid Validation
The text was updated successfully, but these errors were encountered: