Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Chateau>Threat Model>reedem
GeneralOverview
Findings
Critical (3)
High (1)
Informational (2)
DiscussionMultiple variables have typos in their namesAdditional checksStates not updatedUser is not AmericanAdditional concerning areas
Threat ModelWhat are threat models?Share.solStakingPool.solUSDT.sol
VaultPool.solreedemwithdraw
Audit ResultsSummary

Function: reedem(uint256 amount)

Redeem stablecoins with RWA Assets. Calling this method will give the caller stablecoin and burn RWA tokens. Can only be called by users that are KYC-ed and are not American.

Inputs

  • amount

    • Control: Full control.

    • Constraints: Nonzero.

    • Impact: The amount of shares to redeem.

Branches and code coverage

Intended branches

  • Caller successfully redeems.

  • Include function calls.

  • End sentences with periods.

Negative behavior

  • Caller tries to redeem zero share tokens.

  • Caller tries to redeem during pause.

  • Caller tries to redeem while being American or not KYC.

  • Caller tries to redeem when issueTotal is zero.

  • Caller tries to redeem when amount is nonzero but the calculated withdrawAmount is zero.

Function call analysis

  • this.shareToekn.totalSupply()

    • What is controllable? Not controllable.

    • If the return value is controllable, how is it used and how can it go wrong? Not directly controllable.

    • What happens if it reverts, reenters or does other unusual control flow? If total supply is extremely high, shareTotal + 1 will overflow and revert.

  • this.issueToken.balanceOf(address(this))

    • What is controllable? Not controllable.

    • If the return value is controllable, how is it used and how can it go wrong? Not controllable.

    • What happens if it reverts, reenters or does other unusual control flow? If balance is zero, issueTotal - 1 will underflow and revert.

  • SafeERC20.safeTransferFrom(this.shareToekn, msg.sender, address(this), amount)

    • What is controllable? Amount is controllable and must be nonzero.

    • If the return value is controllable, how is it used and how can it go wrong? Not controllable.

    • What happens if it reverts, reenters or does other unusual control flow? Should revert if user has too low of a balance.

  • this.shareToekn.burn(amount)

    • What is controllable? Amount is controllable but has been transferred from the caller before it gets this far.

    • If the return value is controllable, how is it used and how can it go wrong? Not controllable.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • SafeERC20.safeTransfer(this.issueToken, msg.sender, withdrawAmount)

    • What is controllable? The withdrawAmount is indirectly controllable but is done after burning.

    • If the return value is controllable, how is it used and how can it go wrong? Not controllable.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑