Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Cloak V1>Threat Model>getEncryptionKey
GeneralOverview
Findings
Medium (2)
Low (1)
Threat ModelWhat are threat models?FastWithdrawVault.solL1ERC20GatewayValidium.solL1WETHGatewayValidium.sol
ScrollChainValidium.solgetEncryptionKeyregisterNewEncryptionKeygetLatestEncryptionKeyimportGenesisBatchcommitBatchrevertBatchfinalizeBundle
Audit ResultsAssessment Results

Function: getEncryptionKey(uint256 _keyId)

This function verifies keyId is the most recently registered encryptionKeys inserted via registerNewEncryptionKey by the KEY_MANAGER_ROLE and returns it. It is called in the deposit flow by L1ERC20GatewayValidium::_deposit for sanity checks on the key.

Inputs

  • _keyId

    • Control: Arbitrary caller.

    • Constraints: Must be the last one inserted in encryptionKeys.

    • Impact: Return the last encryptionKey if keyId is the last one.

Branches and code coverage

Intended branches

  • Verifies at least one key exists.

  • Returns the last key value, if keyId represents the last key ID.

Zellic © 2025Back to top ↑