Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Anzen and protocol-v2>Threat Model>Function: withdraw()
GeneralOverview
Findings
High (1)
Medium (3)
Low (2)
Informational (4)
DiscussionLack of test flows
Threat ModelWhat are threat models?AnzenGaugeControllerBaseUpg.solAnzenVotingControllerUpg.solLockedUsdzMarket.solLockingToken.solMainnetUSDzMarket.solStakePool.sol
VotingEscrowAnzenMainchain.solFunction: broadcastTotalSupply(uint256[] calldata chainIds)Function: broadcastUserPosition(address user, uint256[] calldata chainIds)Function: increaseLockPosition(uint128 additionalAmountToLock, uint128 newExpiry)Function: increaseLockPositionAndBroadcast(uint128 additionalAmountToLock, uint128 newExpiry, uint256[] calldata chainIds)Function: withdraw()
VotingEscrowAnzenSidechain.solVotingResultBroadcaster.sol
Audit ResultsAssessment Results

Function: withdraw()

The function allows users to withdraw their expired lock positions, returning the locked Anzen back.

Branches and code coverage

Intended branches

  • Remove user's position data and transfer Anzen back to the user.

Negative behavior

  • Revert if the position is not expired.

  • Revert if no Anzen is locked to withdraw.

Zellic © 2025Back to top ↑