Assessment reports > EigenLayer DVN > Threat Model

Function: refundRequest(uint256 _id, string memory _response)

After the bonding period, anyone may call this function to refund the bonder their token. The contract owner may also call the function at any time.

Inputs

  • _id

    • Validation: Must have the status Status.QUEUED.

    • Impact: Ensures that only requests that are in the queued state can be refunded. The status is changed to Status.REFUNDED in this function.

  • _response

    • Validation: None, but it may only be set by the contract owner.

    • Impact: The contract owner may pass a response string to provide additional context for the refund. It is simply stored in the struct and emitted in an event.

  • msg.sender

    • Validation: None. However, there are different constraints on when the function may be called based on the sender.

    • Impact: If the sender is the contract owner, they may call the function at any time. If the sender is not the contract owner, they may only call the function after the bonding period has elapsed.

Branches and code coverage (including function calls)

Intended branches

Negative behavior

Function call analysis

  • refundRequest -> safeTransferFrom

    • External/internal? External.

    • Argument control? None.

    • Impact: Transfers the token back to the bonder.
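
The access rules above, written out as a Solidity sketch. This is an added example, not the audited contract's code: the struct layout, `bondToken`, `bondingPeriod`, `Status.NONE`, the event, the revert strings, the inclusive time comparison and the choice to ignore a non-owner's `_response` are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added sketch. Only refundRequest's signature, Status.QUEUED/REFUNDED and the
// safeTransferFrom call come from the report; everything else is assumed.
interface IBondToken { // hypothetical minimal token interface
    function safeTransferFrom(address from, address to, uint256 value) external;
}

contract RefundGuardSketch {
    enum Status { NONE, QUEUED, REFUNDED }
    struct Request { address bonder; uint256 bond; uint256 queuedAt; Status status; string response; }

    address public immutable owner;
    IBondToken public immutable bondToken;   // assumed
    uint256 public immutable bondingPeriod;  // assumed, in seconds
    mapping(uint256 => Request) public requests;
    // Queuing (sets bonder, bond, queuedAt and status = QUEUED) is out of scope here.

    event RequestRefunded(uint256 indexed id, address indexed bonder, string response);

    constructor(IBondToken token, uint256 period) {
        owner = msg.sender;
        bondToken = token;
        bondingPeriod = period;
    }

    function refundRequest(uint256 _id, string memory _response) external {
        Request storage r = requests[_id];
        // _id: only queued requests are refundable, which also blocks a second refund.
        require(r.status == Status.QUEUED, "not queued");

        if (msg.sender == owner) {
            // Owner path: no time constraint; only the owner's response is stored.
            r.response = _response;
        } else {
            // Public path: anyone may call, but only once the bonding period has elapsed.
            require(block.timestamp >= r.queuedAt + bondingPeriod, "bonding period active");
        }

        // Status flips before the external call (checks-effects-interactions).
        r.status = Status.REFUNDED;
        emit RequestRefunded(_id, r.bonder, r.response);

        // Recipient and amount come from storage, never from caller-supplied arguments.
        bondToken.safeTransferFrom(address(this), r.bonder, r.bond);
    }
}
```

Cases worth exercising against this shape: a non-owner call before the period ends, a second call on an already refunded `_id`, and a non-owner call carrying a non-empty `_response`.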

Zellic © 2025