
Function: lock(uint256 shares, uint256 endTime)

This locks a specified amount of shares until a specified end time.

Inputs

  • shares

    • Control: Fully controlled by the caller.

    • Constraints: Should be greater than zero.

    • Impact: The number of shares to lock.

  • endTime

    • Control: Fully controlled by the caller.

    • Constraints: The lock duration, endTime - block.timestamp, should be within the range getMinLockTime() to getMaxLockTime().

    • Impact: The time until which the shares will be locked.

Branches and code coverage

Intended branches

  • The lock duration, endTime - block.timestamp, is within the range getMinLockTime() to getMaxLockTime().

  • The caller's balanceOf is greater than the value of shares.

  • Mint NFT to the caller and increment the nextTokenId counter.

Negative behavior

  • The endTime - block.timestamp is outside the expected range.

  • The shares amount is equal to zero.

  • The caller's balanceOf is less than the shares amount.
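
The intended and negative branches above can be exercised at their boundaries against a small reference model. This is an added example, not code from the Avantis contracts or from this report; the class and helper names, the inclusive range bounds, the acceptance of a balance exactly equal to shares, the order of the checks and the revert messages are all assumptions.

```python
from dataclasses import dataclass, field


class Revert(Exception):
    """Stands in for an EVM revert; the message names the failed check."""


@dataclass
class LockModel:
    """Hypothetical model of lock(); not the contract's code."""
    min_lock: int                # stands in for getMinLockTime(), seconds
    max_lock: int                # stands in for getMaxLockTime(), seconds
    balances: dict               # tranche share balance per address
    held: int = 0                # shares moved to the locking contract
    next_token_id: int = 0       # stands in for the tokenIds counter
    locks: dict = field(default_factory=dict)

    def lock(self, sender, shares, end_time, now):
        # Assumed order: all checks run before any state changes.
        if shares == 0:
            raise Revert("zero shares")
        # Assumed inclusive bounds; an end_time in the past gives a negative
        # duration here and is rejected by the same check.
        if not self.min_lock <= end_time - now <= self.max_lock:
            raise Revert("lock time out of range")
        # Assumed: a balance exactly equal to shares is accepted.
        if self.balances.get(sender, 0) < shares:
            raise Revert("insufficient balance")
        self.balances[sender] -= shares      # transferFrom(sender, this, shares)
        self.held += shares
        token_id = self.next_token_id        # Counters.current
        self.locks[token_id] = (sender, shares, end_time)   # NFT minted to caller
        self.next_token_id += 1              # Counters.increment
        return token_id


def outcome(shares, end_time, balance=100, now=1_000):
    """Constructed scenario: fresh model, min 10 s, max 50 s, one caller."""
    model = LockModel(min_lock=10, max_lock=50, balances={"alice": balance})
    try:
        return model.lock("alice", shares, end_time, now)
    except Revert as exc:
        return str(exc)


if __name__ == "__main__":
    for args in [(5, 1_010), (5, 1_051), (5, 999), (0, 1_020), (101, 1_020)]:
        print(args, "->", outcome(*args))
```

The boundary inputs used here (duration equal to the minimum or maximum, balance equal to shares, endTime earlier than the current time) are the cases to confirm against the deployed contract, since the branch list does not state whether the comparisons are strict.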

Function call analysis

  • this.getMaxLockTime() -> this.vaultManager.maxLockTime()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.getMinLockTime() -> this.vaultManager.minLockTime()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.tranche.balanceOf(msg.sender)

    • What is controllable? msg.sender.

    • If the return value is controllable, how is it used and how can it go wrong? It is the balance of msg.sender — should be greater than shares for a successful call.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • Counters.current(this.tokenIds)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.tranche.transferFrom(msg.sender, address(this), shares)

    • What is controllable? msg.sender and shares.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • Counters.increment(this.tokenIds)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.
