Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Cega>Threat Models>Function: addToDepositQueue(uint256 amount, address receiver)

GeneralOverview

Findings

Informational (2)

DiscussionCentralization risks Using non-ERC20 token standards Impossibility of reentrancy in the queue-processing functions

Threat ModelsWhat are threat models?CegaState.sol

FCNProduct.sol Function: addOptionBarrier(address vaultAddress, OptionBarrier optionBarrier)Function: addToDepositQueue(uint256 amount, address receiver)Function: addToWithdrawalQueue(address vaultAddress, uint256 amountShares, address receiver)Function: calculateCurrentYield(address vaultAddress)Function: calculateVaultFinalPayoff(address vaultAddress)Function: checkBarriers(address vaultAddress)Function: createVault(string _tokenName, string _tokenSymbol, uint256 _vaultStart)Function: openVaultDeposits(address vaultAddress)Function: processDepositQueue(address vaultAddress, uint256 maxProcessCount)Function: processWithdrawalQueue(address vaultAddress, uint256 maxProcessCount)Function: receiveAssetsFromCegaState(address vaultAddress, uint256 amount)Function: removeOptionBarrier(address vaultAddress, uint256 index, string _asset)Function: removeVault(address vaultAddress)Function: rolloverVault(address vaultAddress)Function: setIsDepositQueueOpen(bool _isDepositQueueOpen)Function: setKnockInStatus(address vaultAddress, bool newState)Function: setManagementFeeBps(uint256 _managementFeeBps)Function: setMaxDepositAmountLimit(uint256 _maxDepositAmountLimit)Function: setTradeData(address vaultAddress, uint256 _tradeDate, uint256 _tradeExpiry, uint256 _aprBps, uint256 _tenorInDays)Function: setVaultMetadata(address vaultAddress, FCNVaultMetadata metadata)Function: setVaultStatus(address vaultAddress, VaultStatus _vaultStatus)Function: setYieldFeeBps(uint256 _yieldFeeBps)Function: updateOptionBarrierOracle(address vaultAddress, uint256 index, string _asset, string newOracleName)

Function: `addToDepositQueue(uint256 amount, address receiver)`

Adds a deposit to the depositQueue storage array.

Inputs

amount
- Control: Fully controlled.
- Constraints: The receiver must own at least this amount of asset tokens.
- Impact: This amount of tokens are transferred from the receiver to this contract.
receiver
- Control: Fully controlled.
- Constraints: Must have preapproved this contract.
- Impact: Tokens are transferred from this address to this contract.

Branches and code coverage (including function calls)

Intended branches

Should update the count of queued deposits.
Test coverage
Should update the total queued deposits amount.
Test coverage
Should add a new deposit into the depositQueue storage array.
Test coverage
Should emit a DepositQueued event.
Test coverage
Should decrease the asset balance of the receiver.
Test coverage
Should increase the asset balance of this contract.
Test coverage

Negative behaviour

Should revert if the deposit queue is not open.
Negative test
Should revert if this deposit would cause the product to go over its maximum deposit amount limit.
Negative test
Should revert if the receiver has not approved this contract to spend the required amount.
Negative test

Function call analysis

IERC20(asset).safeTransferFrom(receiver, address(this), amount)
- What is controllable? receiver, amount.
- If return value controllable, how is it used and how can it go wrong? N/A.
- What happens if it reverts, reenters, or does other unusual control flow? If it reverts, the deposit will fail. No other side effects as it follows the CEI pattern.

Zellic © 2025Back to top ↑