Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Filecoin Services Payments>Threat Model>depositWithPermitAndIncreaseOperatorApproval
GeneralOverview
Findings
Low (1)
Informational (2)
Threat ModelWhat are threat models?
Payments.solModule: Payments.solcreateRaildepositdepositWithPermitdepositWithPermitAndApproveOperatordepositWithPermitAndIncreaseOperatorApprovalincreaseOperatorApprovalmodifyRailLockupmodifyRailPaymentsetOperatorApprovalsettleRailsettleTerminatedRailWithoutValidationterminateRailwithdrawwithdrawTo
Audit ResultsAssessment Results

Function: depositWithPermitAndIncreaseOperatorApproval(address token, address to, uint256 amount, uint256 deadline, uint8 v, byte[32] r, byte[32] s, address operator, uint256 rateAllowanceIncrease, uint256 lockupAllowanceIncrease)

This function performs a permit-based deposit and simultaneously increases the rate and lockup allowances for an already approved operator for to.

Inputs

  • token

    • Control: Fully controlled by the caller.

    • Constraints: Must be a non-native ERC-20 supporting EIP-2612.

    • Impact: Asset to deposit and token namespace for operator approval.

  • to

    • Control: Fully controlled by the caller.

    • Constraints: Must be nonzero and equal to msg.sender (permit recipient check).

    • Impact: Account credited and permit signer.

  • amount

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Intended amount to deposit (credited via balance delta).

  • deadline

    • Control: Fully controlled by the caller.

    • Constraints: Must be valid per token’s permit rules.

    • Impact: Permit-validity window.

  • v

    • Control: Fully controlled by the caller.

    • Constraints: Part of a valid ECDSA signature per EIP-2612.

    • Impact: Authorizes the allowance used for transfer.

  • r

    • Control: Fully controlled by the caller.

    • Constraints: Part of a valid ECDSA signature per EIP-2612.

    • Impact: Authorizes the allowance used for transfer.

  • s

    • Control: Fully controlled by the caller.

    • Constraints: Part of a valid ECDSA signature per EIP-2612.

    • Impact: Authorizes the allowance used for transfer.

  • operator

    • Control: Fully controlled by the caller.

    • Constraints: Must be nonzero and already approved.

    • Impact: Operator whose allowances are increased.

  • rateAllowanceIncrease

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Amount to increase the operator’s rate allowance.

  • lockupAllowanceIncrease

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Amount to increase the operator’s lockup allowance.

Branches and code coverage

Intended branches

  • Use EIP-2612 permit to grant allowance, perform ERC-20 transferFrom into the contract, and increase to’s internal balance by amount (credit delta).

  • Reject zero recipient / incorrect permit recipient.

  • Reject invalid/expired permit.

  • Success path (increase allowances, emits OperatorApprovalUpdated).

  • Zero-operator-address revert.

  • Operator-not-approved revert.

Zellic © 2025Back to top ↑