Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Bracket Fi Escrow>Threat Model>withdrawEscrow
GeneralOverview
Findings
Critical (1)
High (1)
Medium (2)
Low (1)
DiscussionMultiple Merkle tree leaves
Threat ModelWhat are threat models?BridgeEscrow.solEscrowBase.sol
MainEscrow.solclaimTokenswithdrawEscrow
Audit ResultsSummary

Function: withdrawEscrow(address[] tokens)

Withdraw escrow tokens (onlyOwner).

Inputs

  • tokens

    • Control: Full.

    • Constraints: None.

    • Impact: The tokens to withdraw.

Branches and code coverage

Intended branches

  • Tokens are withdrawn.

Negative behavior

  • Empty tokens are not transferred.

Function call analysis

  • token.balanceOf(address(this))

    • What is controllable? Full.

    • If the return value is controllable, how is it used and how can it go wrong? Check if there are tokens.

    • What happens if it reverts, reenters or does other unusual control flow? Nothing.

  • SafeERC20.safeTransfer(token, msg.sender, token.balanceOf(address(this)))

    • What is controllable? token.

    • If the return value is controllable, how is it used and how can it go wrong? Nothing.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • token.balanceOf(address(this))

    • What is controllable? token.

    • If the return value is controllable, how is it used and how can it go wrong? Amount to send.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑