
System Design

This section describes the high-level components of the system and how they interact, including details such as a function's externally controllable inputs, how an attacker could leverage each input to cause harm, and which invariants or constraints of the system are critical and must always be upheld.

Not all components in the audit scope may have been modeled. The absence of a component in this section does not necessarily suggest that it is safe.

MetaFeePartitioner

The scope includes a new contract, the MetaFeePartitioner, which is responsible for keeping track of what percentage of the fee should be allocated to the platform and what percentage should be allocated to the vault.

Its getShares function is the externally visible view function that returns the two shares, given the fee amount.

Since the setters are onlyOwner and access control is written correctly, the only security concern is centralization risk (see Finding ref). The UUPSUpgradeability pattern looks correct.

Minting shares

This is the code that actually distributes the shares by minting them, and it is safe. There are no reentrancy risks here, and MetaFeePartitioner guarantees that the sum of shares is less than (in the case of precision loss during share-splitting calculations) or equal to the original, unsplit fee.
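The rounding bound stated above, modelled as an added example (not code from the audited contracts or from this report). It assumes a basis-point split in which each share is floor-divided independently; the names `get_shares`, `platform_bps` and `BPS` are hypothetical. Under that assumption the two shares can fall short of the fee by at most one unit and can never exceed it.

```python
"""Model of a two-way fee split using integer (floor) division.

Assumption: the split is expressed in basis points summing to 10_000.
The report does not show the contract's arithmetic; all names are hypothetical.
"""

BPS = 10_000  # assumed denominator for percentages


def get_shares(fee: int, platform_bps: int) -> tuple[int, int]:
    """Return (platform_share, vault_share), each rounded down like Solidity's `/`."""
    if fee < 0:
        raise ValueError("fee must be non-negative")
    if not 0 <= platform_bps <= BPS:
        raise ValueError("platform_bps must be within [0, BPS]")
    vault_bps = BPS - platform_bps
    platform = fee * platform_bps // BPS
    vault = fee * vault_bps // BPS
    return platform, vault


def dust(fee: int, platform_bps: int) -> int:
    """Units of the fee left unallocated because both shares round down."""
    platform, vault = get_shares(fee, platform_bps)
    return fee - (platform + vault)


def check_invariant(max_fee: int, bps_values: list[int]) -> int:
    """Exhaustively check 0 <= fee - sum(shares) <= 1; return the worst dust seen.

    The exact shares sum to the fee, so their fractional parts sum to 0 or 1;
    flooring both therefore loses at most one unit and never overshoots.
    """
    worst = 0
    for bps in bps_values:
        for fee in range(max_fee + 1):
            d = dust(fee, bps)
            if d < 0:
                raise AssertionError(f"shares exceed fee: fee={fee} bps={bps}")
            if d > 1:
                raise AssertionError(f"dust above bound: fee={fee} bps={bps}")
            worst = max(worst, d)
    return worst


if __name__ == "__main__":
    # Constructed sample inputs, not values from the audited deployment.
    print(get_shares(100, 2_500), get_shares(3, 5_000))
    print("worst dust:", check_invariant(2_000, [0, 1, 3_333, 5_000, 9_999, BPS]))
```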

Refactoring

The scope also includes refactoring of access-control modifiers to call internal functions that perform the same behavior. The refactoring was done correctly.

Additionally, some events were added.

Zellic © 2025