Assessment reports>Avantis>Threat Model>allocateRewards

Function: allocateRewards(uint256 rewards)

This allocates rewards to the LPs.

Inputs

  • rewards

    • Control: Fully controlled by the caller.

    • Constraints: Should be greater than zero.

    • Impact: The amount of rewards to allocate.

Branches and code coverage

Intended branches

  • If the caller is not a trading contract, transfer assets from the caller to address(this) and increase the totalRewards value.

  • If caller is a trading contract, simply increase the totalRewards value.

Negative behavior

  • Revert if rewards are zero.

Function call analysis

  • IERC20(this.junior.asset()).transferFrom(msg.sender, address(this), rewards)

    • What is controllable? msg.sender and rewards.

    • If the return value is controllable, how is it used and how can it go wrong? The reward amount is transferred from the caller to the contract — no return value.

    • What happens if it reverts, reenters, or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • this.junior.asset()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑