Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Avantis>Threat Model>claimRewards
GeneralOverview
Findings
Critical (6)
High (9)
Medium (6)
Low (10)
Informational (7)
DiscussionReferral code incentives are misalignedVeTranche NFT info should be structNo way to remove user from Trading whitelistPyth price can become negative or erraticTranche has unnecessary `ReentrancyGuard`Checks-effects-interactions pattern brokenTypos
Threat ModelWhat are threat models?Execute.solReferral.solTrading.solTradingStorage.solTranche.solVaultManager.sol
VeTranche.solclaimRewardsforceUnlocklockunlock
Audit ResultsSummary

Function: claimRewards(uint256 tokenId)

This claims rewards accumulated by tokenId.

Inputs

  • tokenId

    • Control: Fully controlled by caller.

    • Constraints: None.

    • Impact: The ID of the token for which rewards are claimed.

Branches and code coverage

Intended branches

  • The function internally calls _claimRewards, which updates the rewards and transfers rewards to the caller.

Negative behavior

  • Revert if caller is not the owner of the tokenId.

Function call analysis

  • this._claimRewards(tokenId) -> SafeERC20.safeTransfer(IERC20(this.tranche.asset()), this._ownerOf(tokenId), this.rewardsByTokenId[tokenId])

    • What is controllable? this._ownerOf(tokenId) and this.rewardsByTokenId[tokenId].

    • If the return value is controllable, how is it used and how can it go wrong? The reward amount is transferred to the owner of the token; an incorrect owner may result in incorrect reward transfer.

    • What happens if it reverts, reenters, or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • this._claimRewards(tokenId) -> this.tranche.asset()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑