
Function: withdraw(uint256 assets, address receiver, address controller)

This function transfers a user's assets owed for a previously fulfilled redemption request.

Inputs

  • assets

    • Control: Fully controlled by the caller.

    • Constraints: This must match _maxWithdraw(fulfilledAssets, redeemShares, redeemRequest.totalRedeemShares).

    • Impact: The amount of assets previously requested for redemption.

  • receiver

    • Control: Fully controlled by the caller.

    • Constraints: None at this level.

    • Impact: The address to receive the assets.

  • controller

    • Control: Fully controlled by the caller.

    • Constraints: The caller must be the controller or an operator of the controller.

    • Impact: The address of the controller of the redeem request.

Branches and code coverage

Intended branches

  • Set redeemRequest.redeemShares[controller] to zero.

  • Transfer assets to receiver.

Negative behavior

  • Revert if the caller is not the controller or an operator of the controller.

  • Revert if assets does not match _maxWithdraw(fulfilledAssets, redeemShares, redeemRequest.totalRedeemShares).

Function call analysis

  • this._claimRedemption(redeemRequest, assets, shares, receiver, controller) -> SafeERC20.safeTransfer(IERC20(this.asset()), receiver, assets)

    • What is controllable? assets, receiver, and controller. shares is partially controllable by the caller.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.
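The checks listed above can be exercised in a small Python model. This is an added example, not the audited contract's code or part of the report. The pro-rata, round-down formula in `max_withdraw`, the `Revert` exception, and the sample names and amounts are assumptions.

```python
from dataclasses import dataclass, field

class Revert(Exception):
    """Stands in for an EVM revert in this model."""

@dataclass
class RedeemRequest:
    fulfilled_assets: int                  # assets set aside when the request was fulfilled
    total_redeem_shares: int               # all shares covered by the request
    redeem_shares: dict = field(default_factory=dict)  # controller -> shares

@dataclass
class VaultModel:
    request: RedeemRequest
    operators: dict = field(default_factory=dict)  # controller -> set of operators
    balances: dict = field(default_factory=dict)   # receiver -> assets received

    @staticmethod
    def max_withdraw(fulfilled_assets, redeem_shares, total_redeem_shares):
        # ASSUMPTION: pro-rata share rounded down; the page gives only the arguments.
        if total_redeem_shares == 0:
            return 0
        return fulfilled_assets * redeem_shares // total_redeem_shares

    def withdraw(self, caller, assets, receiver, controller):
        # Negative behavior: caller must be the controller or one of its operators.
        if caller != controller and caller not in self.operators.get(controller, set()):
            raise Revert("caller is not controller or operator")
        shares = self.request.redeem_shares.get(controller, 0)
        owed = self.max_withdraw(self.request.fulfilled_assets, shares,
                                 self.request.total_redeem_shares)
        # Negative behavior: assets must match the computed amount exactly.
        if assets != owed:
            raise Revert("assets does not match max withdraw")
        # Intended branches, in the order the page lists them.
        self.request.redeem_shares[controller] = 0
        self.balances[receiver] = self.balances.get(receiver, 0) + assets
        return shares

def reverts(call):
    try:
        call()
    except Revert:
        return True
    return False

def sample_vault():
    # Constructed sample state: 1000 assets fulfilled against 400 shares.
    return VaultModel(RedeemRequest(1000, 400, {"alice": 100, "bob": 300}), operators={"alice": {"op"}})
```

Because the controller's shares are zeroed on a successful claim, repeating the same call no longer matches the computed amount and reverts.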

Zellic © 2025