Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Bracket Fi Escrow>Threat Model>claimTokens
GeneralOverview
Findings
Critical (1)
High (1)
Medium (2)
Low (1)
DiscussionMultiple Merkle tree leaves
Threat ModelWhat are threat models?BridgeEscrow.solEscrowBase.sol
MainEscrow.solclaimTokenswithdrawEscrow
Audit ResultsSummary

Function: claimTokens(address token, uint256 amount, byte[32][] proof)

Claim tokens.

Inputs

  • token

    • Control: Full.

    • Constraints: None.

    • Impact: The token.

  • amount

    • Control: Full.

    • Constraints: None.

    • Impact: Amount.

  • proof

    • Control: Full.

    • Constraints: Length > 0.

    • Impact: The proof.

Branches and code coverage

Intended branches

  • Verify that the proof is valid.

  • User cannot claim amount twice.

Negative behavior

  • Another token cannot be used to redeem the proof of a different token.

Function call analysis

  • MerkleProof.verify(proof, root, leaf)

    • What is controllable? proof and leaf.

    • If the return value is controllable, how is it used and how can it go wrong? No.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • SafeERC20.safeTransfer(IERC20(token), msg.sender, claimable)

    • What is controllable? token.

    • If the return value is controllable, how is it used and how can it go wrong? Nothing.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑