Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Anzen and protocol-v2>Threat Model>Function: adminFillOffer(uint256 offerId, uint256 usdzAmount)
GeneralOverview
Findings
High (1)
Medium (3)
Low (2)
Informational (4)
DiscussionLack of test flows
Threat ModelWhat are threat models?AnzenGaugeControllerBaseUpg.solAnzenVotingControllerUpg.solLockedUsdzMarket.solLockingToken.sol
MainnetUSDzMarket.solFunction: adminFillOffer(uint256 offerId, uint256 usdzAmount)Function: cancelOffer(uint256 offerId)Function: createOffer(uint256 tokenId, uint256 amount, uint256 askPrice)Function: fillOffer(uint256 offerId, uint256 amount)
StakePool.solVotingEscrowAnzenMainchain.solVotingEscrowAnzenSidechain.solVotingResultBroadcaster.sol
Audit ResultsAssessment Results

Function: adminFillOffer(uint256 offerId, uint256 usdzAmount)

The function allows a user with the POOL_MANAGER_ROLE to fill an offer, involving complex interactions with external contracts for redemption and repayment.

Inputs

  • offerId

    • Control: Arbitrary.

    • Constraints: Must correspond to an existing offer.

    • Impact: The parameter identifies the specific offer to fill.

  • usdzAmount

    • Control: Arbitrary.

    • Constraints: Must be a positive value and should not exceed the remaining amount in the offer.

    • Impact: The parameter determines how much USDz is to be transacted.

Branches and code coverage

Intended branches

  • Deduct usdzAmount from the offer's amount, calculate requiredUSDC, and interact with external contracts for token swaps and transfers.

  • If the offer amount becomes zero after the transaction, decrement pendingOffersCount and delete the offer.

Negative behavior

  • Revert if the offer has already been filled.

  • Revert if the usdzAmount is not greater than zero.

Zellic © 2025Back to top ↑