Assessment reports>Cove>Threat Model>cancelRedeemRequest

Function: cancelRedeemRequest()

This function cancels a pending redeem request and transfers the shares back to the user.

Branches and code coverage

Intended branches

  • Update redeemRequest.

  • Transfer pendingRedeem shares to the user.

Negative behavior

  • Revert if the current request has no pending redemptions.

Function call analysis

  • this._transfer(address(this), msg.sender, pendingRedeem) -> this._update(from, to, value) -> ERC20PluginsUpgradeable._update -> ERC20PluginsUpgradeable._updateBalances(address plugin, address from, address to, uint256 amount)

    • What is controllable? msg.sender and pendingRedeem.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? It can reenter the contract while updating balances calling msg.sender's plug-ins, but ERC20PluginsUpgradeable._update has a reentrancy guard.

Zellic © 2025Back to top ↑