Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Cloak V1>Threat Model>finalizeWithdrawERC20
GeneralOverview
Findings
Medium (2)
Low (1)
Threat ModelWhat are threat models?FastWithdrawVault.sol
L1ERC20GatewayValidium.soldepositERC20depositERC20finalizeWithdrawERC20
L1WETHGatewayValidium.solScrollChainValidium.sol
Audit ResultsAssessment Results

Function: finalizeWithdrawERC20(address _l1Token, address _l2Token, address _from, address _to, uint256 _amount, bytes _data)

This function completes the ERC-20 withdrawal from Cloak to Scroll and sends funds to the recipient's account on Scroll. The caller must be the contract L1ScrollMessengerValidium, and the sender on Cloak must be the contract L2StandardERC20Gateway.

Inputs

  • _l1Token

    • Control: Fully controlled by the caller.

    • Constraints: The result of getL2ERC20Address(_l1Token) must be equal to _l2Token.

    • Impact: The address of the withdrawn token on Scroll.

  • _l2Token

    • Control: Fully controlled by the caller.

    • Constraints: The value of tokenMapping[_l2Token] of the contract L2StandardERC20Gateway on Cloak must not be the zero address.

    • Impact: The address of the withdrawn token on Cloak.

  • _from

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: The address of the sender on Cloak.

  • _to

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: The address of the recipient on Scroll.

  • _amount

    • Control: Fully controlled by the caller.

    • Constraints: Must be greater than zero.

    • Impact: The amount of tokens to withdraw.

  • _data

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: The optional data. Only used for event logging in this implementation.

Branches and code coverage

Intended branches

  • The _l1Token balance of the contract decreases by the expected amount.

  • The _l1Token balance of _to increases by the expected amount.

  • The tokenMapping[_l1Token] is set to _l2Token if this is the first withdrawal of the token.

Negative behavior

  • Reverts if the caller is not the contract L1ScrollMessengerValidium.

  • Reverts if the sender on Cloak is not the contract L2StandardERC20Gateway.

  • Reverts if msg.value is not zero.

  • Reverts if _l2Token does not match the expected L2 token address computed from _l1Token.

Function call analysis

  • SafeERC20Upgradeable.safeTransfer(IERC20Upgradeable(_l1Token), _to, _amount)

    • What is controllable? _l1Token, _to, and _amount.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑