Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Cloak V1>Threat Model>importGenesisBatch
GeneralOverview
Findings
Medium (2)
Low (1)
Threat ModelWhat are threat models?FastWithdrawVault.solL1ERC20GatewayValidium.solL1WETHGatewayValidium.sol
ScrollChainValidium.solgetEncryptionKeyregisterNewEncryptionKeygetLatestEncryptionKeyimportGenesisBatchcommitBatchrevertBatchfinalizeBundle
Audit ResultsAssessment Results

Function: importGenesisBatch(bytes _batchHeader)

This function stores the first batch header (genesis); this can only be called once.

Inputs

  • _batchHeader

    • Control: Genesis role (GENESIS_IMPORTER_ROLE).

    • Constraints: The length must be <= 105 bytes.

    • Impact: Store the genesis batch header.

Branches and code coverage

Intended branches

  • Reverts when the decoded batch index is not zero.

  • Reverts when the parent batch hash is nonzero.

  • Reverts when the withdraw root is nonzero.

  • Reverts when the post state root is zero.

  • Reverts when genesis is already imported.

  • Successful import stores roots.

Negative behavior

  • A caller without GENESIS_IMPORTER_ROLE reverts via onlyRole.

  • Duplicate invocation reverts.

Function call analysis

  • BatchHeaderValidiumV0Codec.loadAndValidate(_batchHeader)

    • What is controllable? _batchHeader is controlled by the GENESIS_IMPORTER_ROLE.

    • If the return value is controllable, how is it used and how can it go wrong? Sanity check the payload length and copy data from calldata to memory.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • BatchHeaderValidiumV0Codec.getBatchIndex(batchPtr)

    • What is controllable? Derived from header input var.

    • If the return value is controllable, how is it used and how can it go wrong? Must equal zero.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • BatchHeaderValidiumV0Codec.getParentBatchHash(batchPtr)

    • What is controllable? Derived from header input var.

    • If the return value is controllable, how is it used and how can it go wrong? Must be zero.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • BatchHeaderValidiumV0Codec.getWithdrawRoot(batchPtr)

    • What is controllable? Derived from header input var.

    • If the return value is controllable, how is it used and how can it go wrong? Must be zero.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • BatchHeaderValidiumV0Codec.getPostStateRoot(batchPtr)

    • What is controllable? Derived from header input var.

    • If the return value is controllable, how is it used and how can it go wrong? Stored as the genesis state root — zero roots revert.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • BatchHeaderValidiumV0Codec.computeBatchHash(batchPtr, _length)

    • What is controllable? Derived from header input var.

    • If the return value is controllable, how is it used and how can it go wrong? Stored as the genesis committed batch.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑