Quadrata usage not comprehensive

This codebase uses the Quadrata protocol to determine whether users are KYC-ed or not. For that reason, in the constructor of NotAmerica, the following code is used to determine the address of the reader contract, a component of the Quadrata protocol:

constructor() {
    uint chainId = _chainID();
    if (chainId == 11155111)
        reader = IQuadReader(0x49CF5d391B223E9196A7f5927A44D57fec1244C8); // Sepolia
    if (chainId == 10)
        reader = IQuadReader(0xFEB98861425C6d2819c0d0Ee70E45AbcF71b43Da); // Optimistic
    if (chainId == 42161)
        reader = IQuadReader(0x49CF5d391B223E9196A7f5927A44D57fec1244C8); // Arbitrum One
}

If the chainId is not one of the above, reader is left at its default value, the zero address (0x0). This means any calls to reader will revert. This is an especially important consideration because calls to reader are made in the NOT_AMERICAN modifier, which is applied to all of the most important functions of the contract.

Therefore, ensuring that the reader is set to a valid address is crucial, and the contract deployment should revert if that is not the case.
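
One way to make deployment revert on an unsupported chain, written as an added example and not taken from the audited codebase. The contract name NotAmericaChecked, the helper _readerFor, both custom errors and the empty IQuadReader stub are assumptions made for illustration, and block.chainid stands in for the project's _chainID() helper. The extra code-length check goes one step beyond the recommendation above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Placeholder for the Quadrata reader interface (assumed empty here;
// the real interface's functions are not needed for this check).
interface IQuadReader {}

// Hypothetical contract name: only the deployment-time check is shown.
contract NotAmericaChecked {
    IQuadReader public immutable reader;

    error UnsupportedChain(uint256 chainId);
    error ReaderHasNoCode(address reader);

    constructor() {
        address readerAddr = _readerFor(block.chainid);

        // Unknown chain: abort deployment instead of leaving reader at address(0).
        if (readerAddr == address(0)) revert UnsupportedChain(block.chainid);

        // Additional check (assumption, not from the report): the configured
        // address must hold contract code on the chain being deployed to.
        if (readerAddr.code.length == 0) revert ReaderHasNoCode(readerAddr);

        reader = IQuadReader(readerAddr);
    }

    // Chain IDs, addresses and labels copied from the constructor quoted above.
    function _readerFor(uint256 chainId) private pure returns (address) {
        if (chainId == 11155111) return 0x49CF5d391B223E9196A7f5927A44D57fec1244C8; // Sepolia
        if (chainId == 10) return 0xFEB98861425C6d2819c0d0Ee70E45AbcF71b43Da; // Optimistic
        if (chainId == 42161) return 0x49CF5d391B223E9196A7f5927A44D57fec1244C8; // Arbitrum One
        return address(0); // no reader known for this chain
    }
}
```

Because reader is assigned exactly once after both checks pass, it can be declared immutable, and a deployment to any other chain fails with UnsupportedChain rather than producing a contract whose guarded functions always revert.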

Zellic © 2024