CoWSwapClone.sol

Function: initialize()

This function initializes this contract by approving the vault relayer to spend the maximum amount of the sell token.

Branches and code coverage

Intended branches

  • Call IERC20(sellToken()).forceApprove(_VAULT_RELAYER, type(uint256).max).

Zellic © 2025