Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Avantis>Threat Model>lock
GeneralOverview
Findings
Critical (6)
High (7)
Medium (8)
Low (10)
Informational (7)
DiscussionReferral code incentives are misalignedVeTranche NFT info should be structNo way to remove user from Trading whitelistPyth price can become negative or erraticTranche has unnecessary `ReentrancyGuard`Checks-effects-interactions pattern brokenTypos
Threat ModelWhat are threat models?Execute.solReferral.solTrading.solTradingStorage.solTranche.solVaultManager.sol
VeTranche.solclaimRewardsforceUnlocklockunlock
Audit ResultsSummary

Function: lock(uint256 shares, uint256 endTime)

This locks a specified amount of shares until a specified end time.

Inputs

  • shares

    • Control: Fully controlled by the caller.

    • Constraints: Should be greater than zero.

    • Impact: The number of shares to lock.

  • endTime

    • Control: Fully controlled by the caller.

    • Constraints: The endTime - block.timestamp should be between the range getMinLockTime() and getMaxLockTime().

    • Impact: The time until which the shares will be locked.

Branches and code coverage

Intended branches

  • The endTime - block.timestamp should be between the range getMinLockTime() and getMaxLockTime().

  • Check if balanceOf caller is greater than the value of shares.

  • Mint NFT to the caller and increment the nextTokenId counter.

Negative behavior

  • The endTime - block.timestamp is outside the expected range.

  • The shares amount is equal to zero.

  • The balanceOf caller is less than the shares amount.

Function call analysis

  • this.getMaxLockTime() -> this.vaultManager.maxLockTime()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.getMinLockTime() -> this.vaultManager.minLockTime()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.tranche.balanceOf(msg.sender)

    • What is controllable? msg.sender.

    • If the return value is controllable, how is it used and how can it go wrong? It is the balance of msg.sender — should be greater than shares for a successful call.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • Counters.current(this.tokenIds)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.tranche.transferFrom(msg.sender, address(this), shares)

    • What is controllable? msg.sender and shares.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire call will revert — no reentrancy scenarios.

  • Counters.increment(this.tokenIds)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑