Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Beefy Wrapper>Threat Model>wrap
GeneralOverview
Findings
Informational (2)
Threat ModelWhat are threat models?
BeefyWrapper.sol_deposit_withdrawunwrapwrap
BeefyWrapperFactory.sol
Audit ResultsSummary

Function: wrap(uint256 amount)

This function can be used to wrap a given amount of Beefy vault tokens into ERC-4626 wrapped tokens.

Inputs

  • amount

    • Control: Arbitrary.

    • Constraints: None (directly, caller balance must be sufficient and the wrapper must be approved).

    • Impact: Amount to wrap.

Branches and code coverage (including function calls)

Intended branches

  • Transfers vault tokens to the wrapper contract and mints the corresponding amount of wrapper tokens.

Negative behavior

  • Reverts if the vault token transfer fails (e.g., user balance is insufficient).

Function call analysis

  • rootFunction -> IERC20Upgradeable(vault).safeTransferFrom(msg.sender, address(this), amount)

    • What is controllable? amount.

    • If return value controllable, how is it used and how can it go wrong? Not used.

    • What happens if it reverts, reenters, or does other unusual control flow? Reverts bubble up; reentrancy is not possible (vault is considered trusted).

  • rootFunction -> _mint(msg.sender, amount)

    • What is controllable? amount.

    • If return value controllable, how is it used and how can it go wrong? Not used.

    • What happens if it reverts, reenters, or does other unusual control flow? Reverts and reentrancy are not possible.

Zellic © 2024Back to top ↑