Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>EigenLayer DVN>Threat Model>Function: cancelRequest(uint256 _id, string memory _response)
GeneralOverview
Threat ModelWhat are threat models?
1-LayerZeroSlasherFunction: queueRequest(string memory _description)Function: refundRequest(uint256 _id, string memory _response)Function: cancelRequest(uint256 _id, string memory _response)Function: fulfillRequest(uint256 _id, IStrategy[] memory _strategies, uint256[] memory _wadsToSlash, string memory _response)
2-LayerZeroAVSRegistrar
Audit ResultsAssessment Results

Function: cancelRequest(uint256 _id, string memory _response)

Only the contract owner may call this function to cancel a queued request during the approval window (before expiry). Cancelling penalizes the bonder by sending the bond to the owner.

Inputs

  • _id

    • Validation: The _requests associated with _id must have the status QUEUED — also requires block.timestamp <= request.expiry.

    • Impact: Ensures only queued, nonexpired requests can be canceled. The status is changed to Status.CANCELLED.

  • _response

    • Validation: None.

    • Impact: Stored in the request struct and emitted in an event for context.

Branches and code coverage

Intended branches

Negative behavior

Function call analysis

  • cancelRequest -> safeTransfer

    • External/internal? External.

    • Argument control? None by the caller — to is the contract owner and amount is the stored bond.

    • Impact: Transfers the bond from the contract to the owner (bonder loses the bond).

Zellic © 2025Back to top ↑