Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Falcon Finance>Threat Model>withdraw
GeneralOverview
Findings
Medium (1)
Low (1)
Informational (4)
DiscussionThe initialization of StakedUSDf may failThe vestingPeriod and cooldownDuration can be set to zero simultaneously
Threat ModelWhat are threat models?ClassicMinterV1.solFalconBundler.solFalconPosition.solPreCollateralizedMinter.sol
StakedUSDf.solcooldownAssetscooldownSharesredeemunstakewithdraw
USDfSilo.sol
Audit ResultsAssessment Results

Function: withdraw(uint256 assets, address receiver, address owner)

This function overrides the withdraw function of ERC-4626 and can be called when the cooldown is off.

Inputs

  • assets

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Amount of assets to be withdrawn.

  • receiver

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Address of the receiver who will receive the withdrawn shares.

  • owner

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Owner's address of the vault shares to be burned for the withdrawal.

Branches and code coverage

Intended branches

  • Check if cooldown is off.

  • Call parent's withdraw function.

Negative behavior

  • If cooldown is not off, the transaction will be reverted.

Zellic © 2025Back to top ↑