Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Chateau>Threat Model>withdraw
GeneralOverview
Findings
Critical (3)
High (1)
Informational (2)
DiscussionMultiple variables have typos in their namesAdditional checksStates not updatedUser is not AmericanAdditional concerning areas
Threat ModelWhat are threat models?Share.sol
StakingPool.solstakeswapunstakewithdraw
USDT.solVaultPool.sol
Audit ResultsSummary

Function: withdraw()

Extracts all the issueToken tokens from the contract. Only callable by the owner. All stakes are invalidated by setting the cut-off between valid and invalid stakes (indexStar) to the current indexEnd. Currently, this is off by one, as indexEnd is supposed to always be one more than indexStar.

Branches and code coverage

Intended branches

  • Admin is able to withdraw.

  • User is able to stake and unstake before a withdraw but not unstake after.

  • User is able to stake and unstake new issues after a withdraw.

Negative behavior

  • Non-admin cannot withdraw.

  • User cannot withdraw old stakes.

Zellic © 2024Back to top ↑