Verify a decision

{"actor":"system:backfill","investigation_id":"ccd5c96d-c9d5-49cc-b59d-3dab935b8d49","kind":"publish","page_slug":"panoptic-v11","published_at":"2026-05-28T19:07:05.884Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Panoptic V1.1","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://panoptic.xyz/blog/panoptic-defi-options-protocol-introduction","type":"other","url":""},{"credibility":3,"name":"https://www.advancedblockchain.com/blogs/how-advanced-blockchain-synergized-and-built-panoptic","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/192207/uniswap-based-defi-protocol-panoptic-raises-4-5-million","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/263771/panoptic-raises-7-million-to-build-perpetual-options-platform-for-defi","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/panoptic-v1.1","type":"other","url":""},{"credibility":3,"name":"https://arxiv.org/pdf/2204.14232","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://panoptic.xyz/research/introducing-panoptic-smart-contracts","type":"other","url":""},{"credibility":3,"name":"https://github.com/panoptic-labs/panoptic-v1-core","type":"other","url":""},{"credibility":3,"name":"https://panoptic.xyz/blog/position-spoofing-post-mortem","type":"other","url":""},{"credibility":3,"name":"https://arxiv.org/html/2204.14232v3","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://panoptic.xyz/blog/position-spoofing-post-mortem","type":"other","url":""},{"credibility":3,"name":"https://x.com/Panoptic_xyz/status/1964010635026715015","type":"other","url":""},{"credibility":3,"name":"https://cantina.xyz/bounties/01da0370-eacb-48a2-a2df-3aa44f7bc838","type":"other","url":""},{"credibility":3,"name":"https://panoptic.xyz/blog/panoptic-september-2025-newsletter","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://panoptic.xyz/blog/position-spoofing-post-mortem","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/panoptic-v1.1","type":"other","url":""},{"credibility":3,"name":"https://basescan.org/address/0xa32b14c4e35d1a1cdd2bbe06213ba90eddb1433c","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/address/0x1393ad734EA3c52865b4B541cf049dafd25c23a5","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://theorg.com/org/panoptic/org-chart/guillaume-lambert","type":"other","url":""},{"credibility":3,"name":"https://www.uniswapfoundation.org/blog/builder-stories-guillaume-lambert-on-transforming-the-lp-experience","type":"other","url":""},{"credibility":3,"name":"https://www.advancedblockchain.com/blogs/how-advanced-blockchain-synergized-and-built-panoptic","type":"other","url":""},{"credibility":3,"name":"https://arxiv.org/pdf/2204.14232","type":"other","url":""},{"credibility":3,"name":"https://uniswapfoundation.mirror.xyz/2ic8OAy1a5VjZfZacWp54J3LMbeT7hLrx635D7CBcFg","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://panoptic.xyz/docs/security/security_audits","type":"other","url":""},{"credibility":3,"name":"https://code4rena.com/reports/2024-04-panoptic","type":"other","url":""},{"credibility":3,"name":"https://code4rena.com/audits/2023-11-panoptic","type":"other","url":""},{"credibility":3,"name":"https://cantina.xyz/bounties/01da0370-eacb-48a2-a2df-3aa44f7bc838","type":"other","url":""},{"credibility":3,"name":"https://code4rena.com/audits/2025-12-panoptic-next-core","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://panoptic.xyz/blog/position-spoofing-post-mortem","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/panoptic-v1.1","type":"other","url":""},{"credibility":3,"name":"https://code4rena.com/reports/2024-04-panoptic","type":"other","url":""},{"credibility":3,"name":"https://cantina.xyz/bounties/01da0370-eacb-48a2-a2df-3aa44f7bc838","type":"other","url":""}]}],"sources_used":[],"summary":"Panoptic V1.1 is a permissionless, oracle-free perpetual options protocol built on Uniswap V3 liquidity positions, developed by Panoptic Labs and incubated by Advanced Blockchain AG. On August 25, 2025, a Cantina researcher disclosed a critical position-spoofing vulnerability rooted in the protocol's XOR-based fingerprinting system, placing approximately $4–5 million in user funds at risk. A coordinated whitehat rescue secured over 98% of remaining at-risk funds, and ZachXBT flagged the incident, contributing to reduced community trust in the V1.1 deployment.","timeline":[{"date":"2022-04-28","event":"Guillaume Lambert publishes the Panoptic whitepaper on arXiv, establishing the theoretical basis for perpetual oracle-free options via Uniswap V3 LP positions.","source":""},{"date":"2022-12-01","event":"Panoptic closes a $4.5 million seed round led by gumi Cryptos Capital, with Uniswap Labs Ventures, Coinbase Ventures, and Jane Street participating.","source":""},{"date":"2023-11-01","event":"Panoptic launches its first Code4rena competitive audit.","source":""},{"date":"2023-11-01","event":"Panoptic closes a $7 million seed round led by Greenfield Capital, bringing total disclosed funding to $11.5 million.","source":""},{"date":"2024-04-22","event":"Code4rena April 2024 audit identifies 2 high-severity and 9 medium-severity findings, including two reports partially describing position list manipulation weaknesses.","source":""},{"date":"2024-06-10","event":"Code4rena June 2024 follow-up audit finds zero high- or medium-severity issues.","source":""},{"date":"2024-10-10","event":"Code4rena final V1.0 review finds no high or medium severity issues. Protocol prepares for mainnet launch.","source":""},{"date":"2024-11-07","event":"Cantina completes initial V1.1 protocol audit.","source":""},{"date":"2024-11-20","event":"Cantina completes final V1.1 protocol audit.","source":""},{"date":"2025-01-28","event":"Code4rena completes V1.1 protocol review with two independent wardens. No critical findings disclosed publicly.","source":""},{"date":"2025-08-25","event":"A Cantina researcher reports a critical position-spoofing vulnerability to the Panoptic team. The flaw involves XOR-based fingerprinting susceptible to polynomial-time collision attacks. Panoptic confirms feasibility within four hours and begins emergency user notifications.","source":""},{"date":"2025-08-26","event":"Approximately $2.35 million is voluntarily withdrawn by users following emergency notifications.","source":""},{"date":"2025-08-27","event":"Approximately $1.6 million remains at risk. Team continues outreach via Discord and SEAL 911.","source":""},{"date":"2025-08-28","event":"Primary whitehat rescue executed on Ethereum mainnet at block 23242436 at 5:55 PM EDT. Subsequent rescues completed on Base and Unichain. Over 98% of remaining at-risk funds secured. All recovered assets transferred to vault.panoptic.eth.","source":""},{"date":"2025-08-28","event":"Cantina researcher awarded $250,000 maximum bug bounty for responsible disclosure.","source":""},{"date":"2025-09-01","event":"Panoptic publishes the position-spoofing post-mortem and September newsletter detailing the incident, technical root cause, and fund recovery process.","source":""}]},"v":1}