Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>Falcon Finance>Threat Model>withdraw

GeneralOverview

Findings

Informational (4)

DiscussionThe initialization of StakedUSDf may fail The vestingPeriod and cooldownDuration can be set to zero simultaneously

Threat ModelWhat are threat models?ClassicMinterV1.sol FalconBundler.sol FalconPosition.sol PreCollateralizedMinter.sol StakedUSDf.sol

USDfSilo.sol setStakingVault withdraw

Audit ResultsAssessment Results

Function: `withdraw(address to, uint256 amount)`

This function allows _stakingVault to withdraw _USDF tokens from this contract.

Inputs

to
- Control: Full control.
- Constraints: N/A.
- Impact: The address of the receiver of _USDF tokens.
amount
- Control: Full control.
- Constraints: N/A.
- Impact: Amount of _USDF tokens to be withdrawn.

Branches and code coverage

Negative behavior

Caller is not a _stakingVault.
Negative test

Function call analysis

this._USDF.transfer(to, amount)
- What is controllable? to and amount.
- If the return value is controllable, how is it used and how can it go wrong? N/A.
- What happens if it reverts, reenters or does other unusual control flow? Reverts if the _USDF balance of this contract is less than the provided amounts.

Zellic © 2025Back to top ↑