Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Blackwing>Threat Model>removeAssets
GeneralOverview
Findings
Medium (1)
Low (1)
Informational (1)
DiscussionCentralizationFront-run
Threat ModelWhat are threat models?aave_deployer.sol
vault.solbalancedeployAssetsdepositdisableLPTransfersdisableWithdrawalsenableLPTransfersenableWithdrawalsinitializelastDepositBlockregisterAssetremoveAssetssetMinBlocksSinceLastDepositupdateDeployerwithdraw
vault_token.sol
Audit ResultsSummary

Function: removeAssets(IERC20 asset, uint256 amount)

This function is used to transfer aToken to the deployer and invoke the remove function of the deployer, with the remove function anticipated to call the withdraw function of the Aave pool. This process enables the vault to retrieve the asset from the Aave pool.

Inputs

  • asset

    • Control: Arbitrary.

    • Constraints: Only registered assets' address.

    • Impact: Address of the asset.

  • amount

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Amount of the asset to withdraw.

Branches and code coverage

Intended branches

  • Transfer aToken in the vault to deployer and call remove.

Negative behavior

  • Reverts if the caller is not the owner.

  • Revert if asset is not registered.

  • Revert if asset is not transferred to the deployer.

Zellic © 2025Back to top ↑