
Function: swap(uint256 amount)

NATdoc describes this function:

Users of historical batches can sell their RWA shares to those who want to buy them at the moment by using this function, which can be executed if there are enough funds for the current round of subscriptions and they have not been withdrawn.

The function will iterate over all active issues and do either a full or a partial swap depending on the remaining amount to pay out. If there is not enough balance of either share or issue tokens on either side, it should fail.

The function is vulnerable to reentrancy if it is used with tokens that offer callbacks, because the stakes are invalidated only after the tokens have been transferred.
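One way to order the bookkeeping so that a callback-capable token cannot re-enter against stakes that are still marked valid, shown as an added Solidity sketch rather than the audited contract's code. `SwapSketch`, `Issue`, `openIssue`, the 1e18 rate scaling and the simplified token flow are all assumptions.

```solidity
// Added sketch: every name and the simplified token flow are assumptions, not the audited code.
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
    function transferFrom(address from, address to, uint256 value) external returns (bool);
}

contract SwapSketch {
    struct Issue { uint256 shares; bool active; }
    IERC20 public immutable redeemToken;
    IERC20 public immutable shareToken;
    uint256 public immutable rate; // share tokens per redeem token, scaled by 1e18 (assumed)
    Issue[] public issues;
    bool private locked;
    constructor(IERC20 redeem_, IERC20 share_, uint256 rate_) {
        redeemToken = redeem_; shareToken = share_; rate = rate_;
    }
    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }
    // Hypothetical funding path so the sketch is complete: record first, then pull tokens.
    function openIssue(uint256 shares) external nonReentrant {
        require(shares > 0, "zero shares");
        issues.push(Issue(shares, true));
        require(shareToken.transferFrom(msg.sender, address(this), shares), "share pull failed");
    }

    function swap(uint256 amount) external nonReentrant {
        require(amount > 0, "zero amount");
        uint256 owed = amount * rate / 1e18;
        require(owed > 0, "amount too small");
        uint256 remaining = owed;
        // Effects: consume issues (full or partial) and invalidate them before any transfer.
        for (uint256 i = 0; i < issues.length && remaining > 0; i++) {
            Issue storage iss = issues[i];
            if (!iss.active) continue;
            uint256 fill = iss.shares < remaining ? iss.shares : remaining;
            iss.shares -= fill;
            if (iss.shares == 0) iss.active = false;
            remaining -= fill;
        }
        require(remaining == 0, "not enough active shares");
        // Interactions: token calls (possible callbacks) run only after state is final.
        require(redeemToken.transferFrom(msg.sender, address(this), amount), "redeem pull failed");
        require(shareToken.transfer(msg.sender, owed), "share payout failed");
    }
}
```

The guard and the effects-before-interactions ordering are independent defenses: with the ordering alone, a callback during either transfer sees issues that are already consumed, and with the guard alone, the nested call reverts before it reaches the loop.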

Inputs

  • amount

    • Control: Fully controllable.

    • Constraints: Nonzero.

    • Impact: The amount of redeem tokens to trade in. Depending on the globally set rate, this decides how many share tokens will be paid out.

Branches and code coverage

Intended branches

  • Swap when there is a single issue with the exact amount.

  • Swap when there are multiple issues that sum up to the exact amount.

  • Swap so that there is at least one partial swap.

Negative behavior

  • Swap with too little user balance of redeem tokens.

  • Swap with too little contract balance of share (issue) tokens.

Zellic © 2025