Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Avantis>Threat Model>allocateRewards
GeneralOverview
Findings
Critical (6)
High (9)
Medium (6)
Low (10)
Informational (7)
DiscussionReferral code incentives are misalignedVeTranche NFT info should be structNo way to remove user from Trading whitelistPyth price can become negative or erraticTranche has unnecessary `ReentrancyGuard`Checks-effects-interactions pattern brokenTypos
Threat ModelWhat are threat models?Execute.solReferral.solTrading.solTradingStorage.solTranche.sol
VaultManager.solallocateRewards
VeTranche.sol
Audit ResultsSummary

Function: allocateRewards(uint256 rewards)

This allocates rewards to the LPs.

Inputs

  • rewards

    • Control: Fully controlled by the caller.

    • Constraints: Should be greater than zero.

    • Impact: The amount of rewards to allocate.

Branches and code coverage

Intended branches

  • If the caller is not a trading contract, transfer assets from the caller to address(this) and increase the totalRewards value.

  • If caller is a trading contract, simply increase the totalRewards value.

Negative behavior

  • Revert if rewards are zero.

Function call analysis

  • IERC20(this.junior.asset()).transferFrom(msg.sender, address(this), rewards)

    • What is controllable? msg.sender and rewards.

    • If the return value is controllable, how is it used and how can it go wrong? The reward amount is transferred from the caller to the contract — no return value.

    • What happens if it reverts, reenters, or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • this.junior.asset()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑