Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>Cega>Threat Models>Function: addToWithdrawalQueue(address vaultAddress, uint256 amountShares, address receiver)

GeneralOverview

Findings

Informational (2)

DiscussionCentralization risks Using non-ERC20 token standards Impossibility of reentrancy in the queue-processing functions

Threat ModelsWhat are threat models?CegaState.sol

FCNProduct.sol Function: addOptionBarrier(address vaultAddress, OptionBarrier optionBarrier)Function: addToDepositQueue(uint256 amount, address receiver)Function: addToWithdrawalQueue(address vaultAddress, uint256 amountShares, address receiver)Function: calculateCurrentYield(address vaultAddress)Function: calculateVaultFinalPayoff(address vaultAddress)Function: checkBarriers(address vaultAddress)Function: createVault(string _tokenName, string _tokenSymbol, uint256 _vaultStart)Function: openVaultDeposits(address vaultAddress)Function: processDepositQueue(address vaultAddress, uint256 maxProcessCount)Function: processWithdrawalQueue(address vaultAddress, uint256 maxProcessCount)Function: receiveAssetsFromCegaState(address vaultAddress, uint256 amount)Function: removeOptionBarrier(address vaultAddress, uint256 index, string _asset)Function: removeVault(address vaultAddress)Function: rolloverVault(address vaultAddress)Function: setIsDepositQueueOpen(bool _isDepositQueueOpen)Function: setKnockInStatus(address vaultAddress, bool newState)Function: setManagementFeeBps(uint256 _managementFeeBps)Function: setMaxDepositAmountLimit(uint256 _maxDepositAmountLimit)Function: setTradeData(address vaultAddress, uint256 _tradeDate, uint256 _tradeExpiry, uint256 _aprBps, uint256 _tenorInDays)Function: setVaultMetadata(address vaultAddress, FCNVaultMetadata metadata)Function: setVaultStatus(address vaultAddress, VaultStatus _vaultStatus)Function: setYieldFeeBps(uint256 _yieldFeeBps)Function: updateOptionBarrierOracle(address vaultAddress, uint256 index, string _asset, string newOracleName)

Function: `addToWithdrawalQueue(address vaultAddress, uint256 amountShares, address receiver)`

Adds a vault withdrawal action to the withdrawalQueue storage array.

Inputs

vaultAddress
- Control: Fully controlled.
- Constraints: N/A.
- Impact: The withdrawal is queued for this specific vault.
amountShares
- Control: Fully controlled.
- Constraints: User must own at least this amount of shares.
- Impact: This amount of shares are transferred out of the receiver's wallet.
receiver
- Control: Fully controlled.
- Constraints: N/A.
- Impact: The shares are transferred out of this address.

Branches and code coverage (including function calls)

Intended branches

Should update the vault's metadata.
Test coverage
Should increase this contract's share token balance.
Test coverage

Negative behaviour

Should revert if the user has not approved this contract.
Negative test

Function call analysis

IERC20(asset).safeTransferFrom(receiver, address(this), amountShares)
- What is controllable? receiver, amountShares.
- If return value controllable, how is it used and how can it go wrong? N/A.
- What happens if it reverts, reenters, or does other unusual control flow? If it reverts, the share transfer will fail. No other side effects as it follows the CEI pattern.

Zellic © 2024Back to top ↑