Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Anzen and protocol-v2>Threat Model>Function: fillOffer(uint256 offerId, uint256 amount)
GeneralOverview
Findings
High (1)
Medium (3)
Low (2)
Informational (4)
DiscussionLack of test flows
Threat ModelWhat are threat models?AnzenGaugeControllerBaseUpg.solAnzenVotingControllerUpg.solLockedUsdzMarket.solLockingToken.sol
MainnetUSDzMarket.solFunction: adminFillOffer(uint256 offerId, uint256 usdzAmount)Function: cancelOffer(uint256 offerId)Function: createOffer(uint256 tokenId, uint256 amount, uint256 askPrice)Function: fillOffer(uint256 offerId, uint256 amount)
StakePool.solVotingEscrowAnzenMainchain.solVotingEscrowAnzenSidechain.solVotingResultBroadcaster.sol
Audit ResultsAssessment Results

Function: fillOffer(uint256 offerId, uint256 amount)

The function allows a user to fill an existing offer by transferring USDC to the offer creator and receiving the specified amount of locked tokens.

Inputs

  • offerId

    • Control: Arbitrary.

    • Constraints: Must be an existing offer.

    • Impact: The parameter identifies which offer to fill.

  • amount

    • Control: Arbitrary.

    • Constraints: Must be less than or equal to the remaining offer amount. Must be greater than zero.

    • Impact: The parameter specifies how many tokens from the offer to purchase.

Branches and code coverage

Intended branches

  • Calculate the required USDC, update the offer's amount, and complete the token transfer.

  • Decrement pendingOffersCount and delete the offer if the offer amount becomes zero.

Negative behavior

  • Revert if requiredUSDC is zero.

  • Revert if amount is not within permissible range.

Zellic © 2025Back to top ↑