Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Cove>Threat Model>fulfillDeposit
GeneralOverview
Findings
Critical (2)
High (3)
Medium (2)
Low (1)
Informational (1)
DiscussionTransparent intent of redeemal might lead to unintended consequencesShares can round down to zeroWeights can pass uncheckedDenial-of-service risk where attackers can disrupt rebalance process with BasketManagerUtils.completeRebalance() functionality
Threat ModelWhat are threat models?AnchoredOracle.solAssetRegistry.solBasketManagerUtils.sol
BasketToken.solcancelDepositRequestcancelRedeemRequestclaimFallbackSharesclaimFallbackSharesdepositdepositfallbackRedeemTriggerfulfillDepositfulfillRedeemmintmintprepareForRebalanceproRataRedeemredeemrequestDepositrequestRedeemsetBitFlagsetOperatorwithdraw
CoWSwapAdapter.solCoWSwapClone.solFeeCollector.solManagedWeightStrategy.sol
Audit ResultsAssessment Results

Function: fulfillDeposit(uint256 shares)

This function allows the basket manager to fulfill all pending deposit assets for the current request. The assets are transferred to the basket manager.

Inputs

  • shares

    • Control: Fully controlled by the basket manager.

    • Constraints: Nonzero.

    • Impact: The amount of shares the current deposit will be fulfilled with.

Branches and code coverage

Intended branches

  • Set fulfilledShares of the current request to shares.

  • Mint shares to the basket.

  • Transfer total deposit assets to the basket manager.

Negative behavior

  • Revert if the caller is not the basket manager.

  • Revert if depositRequest.totalDepositAssets is zero.

  • Revert if shares is zero.

  • Revert if the current request has already been fulfilled.

Function call analysis

  • this._mint(address(this), shares) -> this._update(address(0), account, value) -> ERC20PluginsUpgradeable._update -> ERC20PluginsUpgradeable._updateBalances(address plugin, address from, address to, uint256 amount)

    • What is controllable? shares.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • SafeERC20.safeTransfer(IERC20(this.asset()), msg.sender, assets)

    • What is controllable? Can increase assets by depositing more assets.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑