Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Avantis>Critical findings>The function ,setWithdrawThreshold, lacks access control
GeneralOverview
Findings
Critical (6)Stop loss higher than `openPrice` causes fund lossUnsafe cast in take profit can lead to fund lossNo access control on `setWithdrawThreshold`Reserve requirement checked before withdrawalLocked shares have undue access to rewardsMax profit can exceed amount reserved from vault
High (9)
Medium (6)
Low (10)
Informational (7)
DiscussionReferral code incentives are misalignedVeTranche NFT info should be structNo way to remove user from Trading whitelistPyth price can become negative or erraticTranche has unnecessary `ReentrancyGuard`Checks-effects-interactions pattern brokenTypos
Threat ModelWhat are threat models?Execute.solReferral.solTrading.solTradingStorage.solTranche.solVaultManager.solVeTranche.sol
Audit ResultsSummary
Category: Coding Mistakes

The function setWithdrawThreshold lacks access control

Critical Severity
Critical Impact
High Likelihood

Description

The external function setWithdrawThreshold is used to allow governance to set the withdraw threshold parameter:

function setWithdrawThreshold(uint256 _withdrawThreshold) external {
    require(_withdrawThreshold < 100 * _PRECISION, "THRESHOLD_EXCEEDS_MAX");
    withdrawThreshold = _withdrawThreshold;
    emit WithdrawThresholdUpdated(_withdrawThreshold);
}

However, this function lacks all access control.

Impact

Anyone can update the withdraw threshold at any time.

Front-runners can cause user withdrawals to revert by setting the withdrawThreshold to zero. Users can change the withdrawThreshold to withdraw more than intended.

Recommendations

Add the missing onlyGov modifier to this function.

Remediation

This issue has been acknowledged by Avantis Labs, Inc., and a fix was implemented in commit 4e5b1384.

Zellic © 2025Back to top ↑