Introduction
On August 25, 2025, a critical vulnerability was discovered in Panoptic’s core protocol. Left unaddressed, it could have allowed an attacker to drain every last token in PanopticPool contracts across Ethereum mainnet and multiple L2s. But instead of a catastrophic exploit, what followed was a coordinated whitehat rescue, made possible by Panoptic’s pre-established Managed Detection and Response (MDR) program. Cantina's MDR enabled rapid detection, structured escalation, and multi-day crisis response, ultimately leading to the recovery of over $4 million in user funds.
This is the story of how it unfolded.
The Vulnerability
A Cantina researcher identified a flaw in how PanopticPool contracts verified user-held positions. The issue originated in Panoptic’s fingerprinting system for position lists, a process that used XOR-based hashing to create an aggregated fingerprint of all positions held by a user. This fingerprint was then used to validate whether a given list of positions matched the onchain record. The problem was that the protocol never confirmed whether the supplied position IDs were valid or owned by the caller.
Each Panoptic position was represented as a packed 256-bit integer, encoding its parameters such as strike, width, and option type. To reduce storage and computation costs, Panoptic used a hashing approach that combined the Keccak hashes of these position IDs into a single fingerprint via XOR aggregation. The fingerprint’s upper 8 bits stored a counter of total “legs” across positions, while the lower 248 bits represented the XOR of all position hashes.
This design allowed for gas-efficient computation but introduced a subtle vulnerability. XOR operations are associative, commutative, and self-canceling - properties that make them easy to manipulate. Because the protocol didn’t check whether each position ID corresponded to a legitimate or non-empty position, an attacker could craft arbitrary fake positions whose XOR combination produced the same fingerprint as a valid user’s. By feeding this spoofed list back to the contract, the attacker could trick the system into believing they were solvent.
In practice, this meant that an attacker could:
- Generate thousands of fake position IDs offchain.
- Use Gaussian elimination to find a combination of those IDs that produced the same XOR fingerprint as a real one.
- Supply that list to the smart contract to pass fingerprint validation.
Once this spoofed list was accepted, the attacker could open leveraged positions, withdraw collateral, or liquidate funds without triggering any solvency checks. It was a full bypass of Panoptic’s core accounting logic.
Initial Response
The vulnerability was reported on August 25. After internal review and testing, Panoptic confirmed its validity. Once verified, they activated emergency protocols, opened a war room with Cantina’s Incident Response team, and escalated to SEAL 911 for additional support. They wrote custom scripts to reproduce the attack vector and confirmed the issue was real and urgent.
With user funds actively at risk, Cantina’s team helped lead the first line of defense: social recovery. Together with Panoptic, we assembled contact lists from Discord, direct messages, community forums, and internal logs. Personalized withdrawal alerts were sent to over 50 users and partners. Within 12 hours, more than $2.35 million had been voluntarily withdrawn.
The Coordination Layer
Still, $1.6 million remained in vulnerable pools, much of it sitting in multisigs tied to other DeFi protocols. The team conducted onchain investigations, traced wallet linkages, and ultimately identified affiliated actors through Discord connections and centralized exchange support. Binance helped reach the remaining wallet owners, who promptly withdrew an additional $1.25 million.
With time running out, $550K still sat unclaimed across several Panoptic markets. At this point, the engineering focus turned from defense to recovery.
Building the Whitehat
Panoptic’s team began building custom Attacker contracts for each market. These whitehat contracts replicated the exploit vector exactly: use a flash loan to deposit collateral, open large leveraged positions, spoof the position list to eliminate collateral requirements, and withdraw all funds. Cantina supported the process by reviewing the whitehat strategy and validating that each recovery would succeed without disruption. We ensured the attack scripts executed cleanly and that all recovered funds would be safely returned to Panoptic’s multisig.
Each script was tested in isolation, executed only on a single developer’s machine, and never uploaded to shared repositories to avoid mempool leaks or blackhat frontrunning. Spoof lists were precomputed using Gaussian elimination to match each market’s hash output.
On Thursday, August 28, Panoptic deployed through a Flashbots RPC endpoint. The mainnet attack was broadcast first, recovering $383K from the largest markets. Immediately after, the team launched simultaneous whitehat rescues across Base and Unichain.
In total, over 98% of at-risk user funds were secured without a single dollar lost.
Recovery and Next Steps
All rescued funds were transferred to vault.panoptic.eth. Cantina also audited the Merkle-based distributor contract to ensure correctness and safety during fund recovery. Users were made whole through a transparent claim system with verifiable proofs and offchain dispute support. No assets were swapped or rehypothecated, every token was returned in kind.
Cantina’s researcher received the maximum bounty of $250,000 for responsible disclosure.
Lessons Learned
The Panoptic rescue showed what’s possible when response systems work as intended. No funds were lost. No user was exploited. Audits and bounties laid the groundwork, but it was live triage, targeted outreach, and coordinated execution that ensured every dollar was secured.
It also revealed the fragility of cryptographic assumptions. Position spoofing was made possible by shortcuts in hash validation. Even well-audited codebases can falter when edge-case logic is composed in new ways.
But the most decisive factor was the preparedness of the incident response layer. War rooms were spun up in minutes. Communication pathways were clear. The team acted with speed and precision, treating every hour as a resource.
Conclusion
The protocols that survive long-term will not be the ones with the most code coverage. They’ll be the ones with battle-tested coordination paths, integrated detection-to-recovery pipelines, and the operational maturity to act decisively under pressure.
Panoptic and Cantina showed what that looks like. When the moment came, they were ready.
If you want the same level of readiness, reach out. We’ll walk you through how Managed Detection & Response (MDR) can safeguard your protocol, before the exploit happens.