Assessment reports>Falcon Finance>Threat Model>withdraw

Function: withdraw(address to, uint256 amount)

This function allows _stakingVault to withdraw _USDF tokens from this contract.

Inputs

  • to

    • Control: Full control.

    • Constraints: N/A.

    • Impact: The address of the receiver of _USDF tokens.

  • amount

    • Control: Full control.

    • Constraints: N/A.

    • Impact: Amount of _USDF tokens to be withdrawn.

Branches and code coverage

Negative behavior

  • Caller is not a _stakingVault.

Function call analysis

  • this._USDF.transfer(to, amount)

    • What is controllable? to and amount.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? Reverts if the _USDF balance of this contract is less than the provided amounts.

Zellic © 2025Back to top ↑