0xSimao

Bug Deep Dive #33

Sun, 18 Jan 2026 12:36:28 -0800

Jackpot enforces pool cap as the following:

This is to ensure the following:

bonusBallMax + normalBallMax <= MAX_BIT_VECTOR_SIZE
Pool cap does not exceed governance pool cap

Otherwise, TicketComboTracker cannot properly store purchased Ticket on max bonus ball, since the following will revert with overflow:

However, LP pool cap can be exceeded on drawing settlement, because new LP value calculation does not enforce the same pool cap logic:

Since LP value can grow by up to lpEdgeTarget = 30% on every draw without any jackpot winner, governance cap or calculated limit can be exceeded, if previous total pool was just below the surface.

Impact

Important invariants can be broken on settlement drawing:

Pool Cap...Read More

Mentorship Series #26

Thu, 15 Jan 2026 18:37:56 -0800

We finished the Panoptic contest on Code4rena.
Lesson Summary:
Verify pool ID packing/unpacking end-to-end — Confirm truncation (e.g., last 40 bits of Uniswap pool address), void bits (8-bit field), tick spacing (48-bit), and shift amounts (e.g., >>112, >>240) match exactly between encode (constructor/init) and decode (getters) to avoid silent truncation or ID collisions.
Test collision handling in while loops rigorously — When incrementing pool patterns (+1 on lower bits) to avoid address clashes, fuzz edge cases (all-1s in 40-bit field, overflow into void/tick spacing bits) — confirm cast-back-to-uint40 correctly wraps without corrupting higher fields.
Check initialization guards are tamper-proof — Ensure isInitialized bit (often left-shifted high, e.g., <<240) can’t be faked via direct storage writes or re-initialization attacks; verify it’s only set once during legitimate pool creation and unpacked correctly (e.g., >>240 > 0).
Evaluate permissionless tick expansion impact — For functions like expand that any user can call, assess griefing vectors: flash-loan → massive deposit → expand ticks → withdraw → revert ranges;...Read More

Mentorship Series #25

Thu, 15 Jan 2026 18:37:54 -0800

We continued the Panoptic contest on Code4rena.
Lesson Summary:
Simulate full sequences (accrue → deposit/withdraw → accrue again) to catch borrow index desync or double-burning shares.
Verify borrow index always updates proportionally on partial burns — stale index after exact-balance interest payment can wipe users out.
Cross-check time handling: epoch (4s steps) vs raw block.timestamp mismatches → 0 delta in one contract while the other accrues → state drift.
Test same-block loops on accrueInterest(): non-incrementing epoch + positive elapsed time can repeatedly inflate borrow rate toward max.Flag asymmetric rate math (faster increases than decreases, uncapped linear adaptation) — suspicious unless docs explicitly justify volatility or one-sided speed.
Read More

Mentorship Series #24

Thu, 15 Jan 2026 18:37:52 -0800

We continued the Panoptic contest on Code4rena.
Lesson Summary:## Notes
When the user doesn't have enough balance, his index is not updated. What happens if the user deposits more afterwards?
100 USDC, user has only 50 balance. They burn this 50 balance, index is not updated. If he deposits 100 again, how much is he going to pay? Will he have to pay 50 shares of interest, because he paid 50 already, or will he have to pay 100 again, totalling 150?
Is there a health check in the Pool?
What if linearAdaptation is not zero but is very small?
How big can linear adaptation get?
If called every block, the linear adaptation should be small. What happens to the rate? Is there a maximum rate? max speed?
Read More

Mentorship Series #23

Thu, 15 Jan 2026 18:37:50 -0800

We continued the Panoptic contest on Code4rena.
Lesson Summary:
There seems to be enough precision when the utilization(err) is small, because it only rounds down to 0 when err is super small
trapezoidal rule in the borrowRate fn - check if it works with all values/conditions
Check yearn exploit post-mortem
What if all the rates are 0? See potential edge cases with this trapezoidal rule - can't happen because of line 1841 _borrowRate
How are they handling elapsed == 0 in _borrowRate? - they handle precision pretty well
What if I spam _borrowRate? - OK
Call it often, don't call it often, not calling it one day, huge deposit, borrow a lot
Read More

Mentorship Series #22

Thu, 15 Jan 2026 18:37:48 -0800

We continued the Panoptic contest on Code4rena.
Lesson Summary:
Downcasting cuts the number, watch closely for such casts
ERC4626 and vaults check assets for zero amount, not shares
Check the cast in the withdraw fn, can it cause a problem? - ok
Play with numbers with all the branches in the accrueInterest fn
Can someone call a fn which accrues interest and screw another `owner` (trigger the !isDeposit) branch to make the other owner burn his shares?
User has enough balance
User has not enough balance and it's not a deposit
User does not have enough balance but it's a deposittransfer ---> deposit, basically search for ways for users to game the accrueing of interest somehow
Read More

Mentorship Series #21

Thu, 15 Jan 2026 18:37:45 -0800

We continued the Panoptic contest on Code4rena.
Lesson Summary:
Entry point for UniswapV4 is the `unlock` function(call unlock and it callbacks you)
NonZeroDeltaCount must be 0 after every UniV4 pool swap
UniV4 callback implementation should always check if the msg.sender is the pool
UniV4 delta could be positive or negative - depends if you send funds to UniV4 or UniV4 sends funds to you
sync needs to be called before settles in UniV4
Transfer `delta` to the UniV4 pool first, then you .mint 1-1 the delta you transferred
Check if .symbol can revert before going to the catch(like in Sukukfi)
Check how uniV4 delta works - when's the delta negative/positive(on send or on receive)? Negative - Pool manager is owed tokens, positive - user is owed tokens
Check why aren't they calling `sync` in one of the branches in `unlockCallback` - ОК
Check if tokens with Reentrancy are in-scope
What happens if the delta is type(int256).min and I negate it?
Read More

Mentorship Series #20

Thu, 15 Jan 2026 18:37:42 -0800

We continued the Panoptic contest on Code4rena.
Lesson Summary:
Offset is the byte position in calldata where immutable arguments start. It's used by the Clone pattern to read immutable args.
2. calldata loads 32 bytes. When you load 32 bytes from an offset, you then need to shift whatever amount is needed in order to only get the info in the bytes you need
One Epoch is 4 seconds
Strengthen bits, bytes, shifting knowledge
Try to memorize the variables, if needed close your eyes and repeat each one. This is important for context
Read More

Mentorship Series #19

Thu, 15 Jan 2026 18:37:39 -0800

We continued the Panoptic contest on Code4rena.
Lesson Summary:
Master bit manipulation first — Prioritize learning shifts (<<, >>), masks (&, |, ~), packing/unpacking, and signed integer behavior before diving deep; once comfortable, most "complex" libraries become straightforward helpers.
Treat bit-packing as storage optimization, not magic — Expect every value (ticks, liquidity, pointers, legs, flags) crammed into 256-bit words with manual getters/setters; always trace back to the packing layout comment or constants to verify offsets and ranges.
Watch for negative number rounding traps — When averaging or dividing for medians/averages (e.g., (a + b) / 2), Solidity’s toward-zero division rounds negative numbers “up” (toward zero) — flag this for consistency checks in tick/price calculations.
Be extra suspicious of unchecked blocks — They appear everywhere in extreme-optimization code; carefully verify arithmetic (especially +, - in clamps or deltas) can’t overflow/underflow in ways that break logic (e.g., int24 wrap-around making values unexpectedly small).Lean on fuzz testing for confidence — Once you understand the bit logic, write fuzz tests for encode/decode/update functions — deterministic packing is usually easy to prove correct (or find bugs) with good coverage, so don’t skip this step even if it initially looks clean.
Read More

Mentorship Series #18

Thu, 15 Jan 2026 18:37:36 -0800

We started the Panoptic contest on Code4rena.
Lesson Summary:
OZ multicall had a bug when using multicall with metatransactions
If the protocol is too big, start with smaller files - constants, libraries, types, etc. which you can go through first so you gain more context for the harder stuff
uint ---> int can mess things up
Read More