Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Chainflip Backend>Threat Model>Function: register_as_broker
GeneralOverview
Findings
Critical (1)
Low (2)
DiscussionLack of broker fee limitsERC-20 transfer reversions result in stuck fundsType conversion could lead to fund loss
Threat ModelWhat are threat models?1-cf-lp2-cf-pools
3-cf-swappingPallet: cf-swappingFunction: request_swap_deposit_addressFunction: withdrawFunction: schedule_swap_from_contractFunction: ccm_depositFunction: register_as_brokerFunction: set_minimum_swap_amount
4-cf-witnesser5-engine
Audit ResultsSummary

Function: register_as_broker

This function simply registers the caller as a broker, assuming the caller is not already registered as any role, and broker registration is enabled in SafeMode.

Zellic © 2025Back to top ↑