Assessment reports>Cove>Threat Model>claimFallbackShares

Function: claimFallbackShares(address receiver, address controller)

This function allows the basket manager to claim shares given for a previous redemption request in the event a redemption fulfillment for a given epoch fails.

Inputs

  • receiver

    • Control: Fully controlled by the basket manager.

    • Constraints: None at this level.

    • Impact: The address to receive the shares.

  • controller

    • Control: Fully controlled by the basket manager.

    • Constraints: None at this level.

    • Impact: The address of the controller of the redemption request.

Branches and code coverage

Intended branches

  • Set controller's redeemShares of the current request to zero.

  • Transfer shares to receiver.

Negative behavior

  • Revert if the caller is not the basket manager or an operator.

  • Revert if the claimable shares are zero.

Function call analysis

  • this._transfer(address(this), receiver, shares) -> this._update(from, to, value) -> ERC20PluginsUpgradeable._update -> ERC20PluginsUpgradeable._updateBalances(address plugin, address from, address to, uint256 amount)

    • What is controllable? receiver and sharesshares is partially controllable by the caller.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? It can reenter the contract while updating balances calling receiver's plug-ins, but this function follows the checks-effects-interactions pattern.

Zellic © 2025Back to top ↑