Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Anzen and protocol-v2>Threat Model>addRewardPool
GeneralOverview
Findings
Medium (3)
Low (3)
Informational (4)
DiscussionLack of test flows
Threat ModelWhat are threat models?AnzenGaugeControllerBaseUpg.solAnzenVotingControllerUpg.solLockedUsdzMarket.solLockingToken.solMainnetUSDzMarket.sol
StakePool.sol_stakeForaddRewardPoolemergencyWithdrawupdateRewardPoolwithdraw
VotingEscrowAnzenMainchain.solVotingEscrowAnzenSidechain.solVotingResultBroadcaster.sol
Audit ResultsAssessment Results

Function: addRewardPool(address _rewardToken, uint256 _startTime, uint256 _endRewardTime, uint256 _rewardPerSecond)

This function is used by the owner to first update the status of all existing rewardPoolInfos and then add a new rewardPoolInfo.

Inputs

  • _rewardToken

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Address of the rewardPool token contract.

  • _startTime

    • Control: Arbitrary.

    • Constraints: Must be less than _endRewardTime. Usually greater than block.timestamp; otherwise, it will be treated as block.timestamp.

    • Impact: Start reward time that rewardPool distribution occurs.

  • _endRewardTime

    • Control: Arbitrary.

    • Constraints: Must be greater than _startTime.

    • Impact: Time that rewardPool distribution ends.

  • _rewardPerSecond

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Reward-token amount to distribute per second.

Branches and code coverage

Intended branches

  • Check if _startTime is smaller than block.timestamp. If so, change _startTime to block.timestamp directly.

  • Make sure _startTime is less than _endRewardTime.

  • Call the updateReward function to update the existing rewardPoolInfo status.

  • Create a new rewardPool and add it to the rewardPoolInfo array.

Negative behavior

  • Revert if the _endRewardTime of the new rewardPool is greater than or equal to _startTime.

Zellic © 2025Back to top ↑