Assessment reports>Avantis>Threat Model>claimRewards

Function: claimRewards(uint256 tokenId)

This claims rewards accumulated by tokenId.

Inputs

  • tokenId

    • Control: Fully controlled by caller.

    • Constraints: None.

    • Impact: The ID of the token for which rewards are claimed.

Branches and code coverage

Intended branches

  • The function internally calls _claimRewards, which updates the rewards and transfers rewards to the caller.

Negative behavior

  • Revert if caller is not the owner of the tokenId.

Function call analysis

  • this._claimRewards(tokenId) -> SafeERC20.safeTransfer(IERC20(this.tranche.asset()), this._ownerOf(tokenId), this.rewardsByTokenId[tokenId])

    • What is controllable? this._ownerOf(tokenId) and this.rewardsByTokenId[tokenId].

    • If the return value is controllable, how is it used and how can it go wrong? The reward amount is transferred to the owner of the token; an incorrect owner may result in incorrect reward transfer.

    • What happens if it reverts, reenters, or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • this._claimRewards(tokenId) -> this.tranche.asset()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑