Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Deltaswap>Threat Model>burn
GeneralOverview
Findings
High (1)
DiscussionUniswap differences
Threat ModelWhat are threat models?
DeltaSwapPair.solburnmintswap
Audit ResultsSummary

Function: burn(address to)

This function can be called to burn liquidity tokens in exchange for a corresponding share of underlying assets.

Inputs

  • to

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Recipient of the assets.

Branches and code coverage

Intended branches

  • Burns liquidity tokens and transfers the corresponding amount of underlying assets to the recipient.

Negative behavior

  • Reverts if zero assets are transferred.

Function call analysis

  • IERC20(_token0).balanceOf(address(this))

    • What is controllable? None.

    • If the return value is controllable, how is it used and how can it go wrong? Return value can be increased by transferring asset0 to the contract, but it is not useful for an attacker.

    • What happens if it reverts, reenters or does other unusual control flow? Reverts are propagated upwards; reentrancy is prevented via reentrancy guard.

  • IERC20(_token1).balanceOf(address(this))

    • What is controllable? None.

    • If the return value is controllable, how is it used and how can it go wrong? Return value can be increased by transferring asset1 to the contract, but it is not useful for an attacker.

    • What happens if it reverts, reenters or does other unusual control flow? Reverts are propagated upwards; reentrancy is prevented via reentrancy guard.

  • this._mintFee(_reserve0, _reserve1) -> IDeltaSwapFactory(this.factory).feeTo()

    • What is controllable? Nothing.

    • If the return value is controllable, how is it used and how can it go wrong? Not controllable.

    • What happens if it reverts, reenters or does other unusual control flow? Cannot revert nor reenter.

  • IERC20(_token0).balanceOf(address(this))

    • What is controllable? None.

    • If the return value is controllable, how is it used and how can it go wrong? Return value cannot be controlled independently from the previous balanceOf call.

    • What happens if it reverts, reenters or does other unusual control flow? Reverts are propagated upwards; reentrancy is prevented via reentrancy guard.

  • IERC20(_token1).balanceOf(address(this))

    • What is controllable? None.

    • If the return value is controllable, how is it used and how can it go wrong? Return value cannot be controlled independently from the previous balanceOf call.

    • What happens if it reverts, reenters or does other unusual control flow? Reverts are propagated upwards; reentrancy is prevented via reentrancy guard.

Zellic © 2025Back to top ↑