
Function: depositToken(address token, uint256 amount)

This function deposits tokens into the escrow contract.

Inputs

  • token

    • Control: Fully controlled by caller.

    • Constraints: Should be whitelisted.

    • Impact: This token is deposited in the contract.

  • amount

    • Control: Fully controlled by caller.

    • Constraints: Should not be 0.

    • Impact: The amount of token to be deposited.

Branches and code coverage

Intended branches

  • If the wrapped token is a non-zero address, wrap the token first and then deposit the token to the contract.

  • If the wrapped token is address(0), directly deposit the token to the contract.

  • Increase the totalStaked value of the token, and increase the usersBalance value of the user for that token.

Negative behavior

  • Revert if the token used is ETH_ADDRESS.

  • Revert if amount is 0.

  • Revert if there is a balance mismatch after the transfer of token from caller to the contract.

  • Revert if token is not added or not whitelisted.

  • Revert if the function is called after the break time has been reached.
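The checks listed above, sketched for the branch where the wrapped token is address(0), as an added example that is not the audited contract's code. It shows the balance-delta comparison that rejects tokens which deliver less than amount, so totalStaked can never exceed what the contract holds. Assumptions: the error names, the storage layout, the constructor, the placeholder ETH_ADDRESS value, breakTime as a Unix timestamp with an inclusive comparison, and a plain transferFrom standing in for SafeERC20.safeTransferFrom.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration only; names not on the page are hypothetical.
interface IERC20Min {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

contract DepositSketch {
    // Placeholder: the page names ETH_ADDRESS but does not give its value.
    address internal constant ETH_ADDRESS = address(1);
    uint256 public immutable breakTime; // assumed to be a Unix timestamp

    mapping(address => bool) public whitelisted;
    mapping(address => uint256) public totalStaked;                      // token => total
    mapping(address => mapping(address => uint256)) public usersBalance; // user => token => amount

    error EthNotAllowed();
    error ZeroAmount();
    error NotWhitelisted();
    error BreakTimeReached();
    error BalanceMismatch(uint256 expected, uint256 received);

    constructor(uint256 breakTime_, address[] memory tokens) {
        breakTime = breakTime_;
        for (uint256 i = 0; i < tokens.length; i++) whitelisted[tokens[i]] = true;
    }

    function depositToken(address token, uint256 amount) external {
        if (token == ETH_ADDRESS) revert EthNotAllowed();
        if (amount == 0) revert ZeroAmount();
        if (!whitelisted[token]) revert NotWhitelisted();
        if (block.timestamp >= breakTime) revert BreakTimeReached();

        // Measure what actually arrives instead of trusting the amount argument.
        uint256 balanceBefore = IERC20Min(token).balanceOf(address(this));
        // Stand-in for SafeERC20.safeTransferFrom (assumes a bool-returning token).
        require(IERC20Min(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = IERC20Min(token).balanceOf(address(this)) - balanceBefore;

        // A fee-on-transfer or otherwise deflationary token delivers less than amount.
        if (received != amount) revert BalanceMismatch(amount, received);

        // Accounting is updated only after the transfer has been verified.
        totalStaked[token] += amount;
        usersBalance[msg.sender][token] += amount;
    }
}
```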

Function call analysis

  • this._getStorage()

    • What is controllable? N/A

    • If the return value is controllable, how is it used and how can it go wrong? Returns the storage slot.

    • What happens if it reverts, reenters or does other unusual control flow? N/A

  • IERC20(wrapped).balanceOf(address(this))

    • What is controllable? N/A

    • If the return value is controllable, how is it used and how can it go wrong? The return value is the balance of the wrapped token of this contract.

    • What happens if it reverts, reenters or does other unusual control flow? N/A

  • SafeERC20.safeTransferFrom(IERC20(token), msg.sender, address(this), amount)

    • What is controllable? token, msg.sender and amount

    • If the return value is controllable, how is it used and how can it go wrong? N/A

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire transaction would revert; no re-entrancy scenario.

  • SafeERC20.safeIncreaseAllowance(IERC20(token), wrapped, amount)

    • What is controllable? token and amount

    • If the return value is controllable, how is it used and how can it go wrong? N/A

    • What happens if it reverts, reenters or does other unusual control flow? If it reverts, the entire transaction would revert; no re-entrancy scenario.

  • IERC20(token).balanceOf(address(this))

    • What is controllable? N/A

    • If the return value is controllable, how is it used and how can it go wrong? The return value is the balance of the token of this contract.

    • What happens if it reverts, reenters or does other unusual control flow? N/A

Zellic © 2025