Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Ethereum and Blast Exchanges>Threat Model>withdraw
GeneralOverview
Findings
High (2)
Medium (1)
Low (3)
Informational (2)
DiscussionLack of documentationCentralization risksEnforce a more recent Solidity version
Threat ModelWhat are threat models?BfxDepositU.sol
BfxU.solFunction: depositToken()withdraw
BfxVaultU.solPoolDepositU.solRabbitU.solVaultU.sol
Audit ResultsAssessment Results

Function: function withdraw()

This function withdraws an amount of the defaultToken if the ECDSA signature verifies the given id, trader, and amount on the Blast chain.

The withdrawToken and withdrawNative functions work similarly, except that the token address is included in the signature. The same threat model applies to them.

Inputs

  • id

    • Control: Controlled by the caller.

    • Constraints: N/A.

    • Impact: Preventing replay attacks.

  • trader

    • Control: Controlled by the caller.

    • Constraints: The trader in the given signature must match.

    • Impact: Ensuring the address of the recipient was authorized.

  • amount

    • Control: Completely controlled by the caller.

    • Constraints: The amount in the given signature must match, and the value must be bigger than zero.

    • Impact: The amount to transfer.

  • v

    • Control: Completely controlled by the caller.

    • Constraints: The v argument of the ECDSA signature can be either 27 or 28, arbitrary to be compatible with the AWS KMS.

    • Impact: A part of the signature to verify.

  • r

    • Control: Completely controlled by the caller.

    • Constraints: This must be a part of the valid ECDSA signature for the given id, trader, and amount.

    • Impact: The first part of the signature to verify.

  • s

    • Control: Completely controlled by the caller.

    • Constraints: This must be a part of the valid ECDSA signature with the given id, trader, and amount.

    • Impact: The second part of the signature to verify.

Branches and code coverage (including function calls)

Intended branches

  • Verify the signature.

  • Verify the signature with another v value.

  • Send the defaultToken to the given trader and verify the balance is correct.

Negative behavior

  • Revert when it fails to verify an incorrect signature.

  • Revert when the amount is zero.

  • Revert when the id is already withdrawn.

  • Revert when the signature is replayed from the Ethereum chain.

  • Revert when the transfer fails.

Function call analysis

  • withdraw -> getDigest(id, trader, amount, defaultToken, false)

    • External/Internal? Internal.

    • Argument control? id, trader, and amount are controlled.

    • Impact: Compute the hash of the parameters before the signature.

  • withdraw -> verify(digest, v, r, s)

    • External/Internal? Internal.

    • Argument control? v, r, and s are controlled.

    • Impact: Verify the ECDSA signature.

  • withdraw -> makeTransfer(trader, amount, defaultToken)

    • External/Internal? Internal.

    • Argument control? trader and amount are controlled but must be signed correctly.

    • Impact: Transfer the token to the trader.

Zellic © 2025Back to top ↑