Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Ethereum and Blast Exchanges>Threat Model>Function: depositToken()
GeneralOverview
Findings
High (2)
Medium (1)
Low (3)
Informational (2)
DiscussionLack of documentationCentralization risksEnforce a more recent Solidity version
Threat ModelWhat are threat models?BfxDepositU.sol
BfxU.solFunction: depositToken()withdraw
BfxVaultU.solPoolDepositU.solRabbitU.solVaultU.sol
Audit ResultsAssessment Results

Function: depositToken()

The function handles the deposit of tokens to the Blast exchange. This is a call to the handleDeposit function. Internally, the token passed as a parameter is checked to be supported.

The deposit function calls the same handleDeposit function with the defaultToken address passed as parameter. The same threat model applies to it.

Inputs

  • amount

    • Control: Completely controlled by the caller.

    • Constraints: The value must not be smaller than the minimum deposit, and the transfer must be successful. The final contract balance must be correct after the transfer.

    • Impact: The amount to deposit.

  • token

    • Control: Completely controlled by the caller.

    • Constraints: The token address is checked to be supported.

    • Impact: The token to deposit.

Branches and code coverage (including function calls)

Intended branches

  • Transfer some defaultToken from the sender to the contract.

  • The contract balance is correctly updated when the transfer succeeds.

Negative behavior

  • Revert when the amount is smaller than the minimum deposit.

  • Revert when the transfer fails.

  • Revert when the token is not supported.

Function call analysis

  • depositToken -> handleDeposit(uint256 amount, address token)

    • External/Internal? Internal.

    • Argument control? Both arguments are controlled.

    • Impact: Handle underlying checks on arguments and perform the transfer. Ensure the balance is updated correctly.

Zellic © 2025Back to top ↑