Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Anzen and protocol-v2>Informational findings>Unnecessary ,transfer, functionality in LockingToken
GeneralOverview
Findings
High (1)
Medium (3)
Low (2)
Informational (4)Deletion does not delete all valuesMissing _disableInitializersUnnecessary transfer functionality in LockingTokenLack of test flows
DiscussionLack of test flows
Threat ModelWhat are threat models?AnzenGaugeControllerBaseUpg.solAnzenVotingControllerUpg.solLockedUsdzMarket.solLockingToken.solMainnetUSDzMarket.solStakePool.solVotingEscrowAnzenMainchain.solVotingEscrowAnzenSidechain.solVotingResultBroadcaster.sol
Audit ResultsAssessment Results
Category: Coding Mistakes

Unnecessary transfer functionality in LockingToken

Informational Severity
Informational Impact
N/A Likelihood

Description

LockingToken is intended for users to lock their Aerodrome LP positions directly with the Anzen protocol. This design ensures that users receive rewards directly from the protocol, bypassing indirect rewards through Aerodrome bribes. However, the transfer functionality within the LockingToken contract appears unnecessary for its intended purpose.

Impact

While there are no direct security vulnerabilities associated with this functionality, having unnecessary features increases the contract's attack surface. This can potentially expose the system to unforeseen vulnerabilities in the future.

Recommendations

Remove the transfer functionality from the LockingToken contract to reduce the attack surface and maintain simplicity.

Remediation

Anzen Labs Inc. provided the following response:

The team decided to not make changes for those issues at this time

Zellic © 2025Back to top ↑