Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Filecoin Services Payments>Threat Model>modifyRailPayment
GeneralOverview
Findings
Low (1)
Informational (2)
Threat ModelWhat are threat models?
Payments.solModule: Payments.solcreateRaildepositdepositWithPermitdepositWithPermitAndApproveOperatordepositWithPermitAndIncreaseOperatorApprovalincreaseOperatorApprovalmodifyRailLockupmodifyRailPaymentsetOperatorApprovalsettleRailsettleTerminatedRailWithoutValidationterminateRailwithdrawwithdrawTo
Audit ResultsAssessment Results

Function: modifyRailPayment(uint256 railId, uint256 newRate, uint256 oneTimePayment)

Modifies the payment rate and optionally makes a one-time payment.

Inputs

  • railId

    • Control: Fully controlled by the caller.

    • Constraints: Must be a valid, active rail that the caller is an operator of.

    • Impact: The ID of the rail to modify.

  • newRate

    • Control: Fully controlled by the caller.

    • Constraints: For terminated rails, it cannot exceed the existing rate. Otherwise, the rail must be settled in order to modify it.

    • Impact: The new payment rate (per epoch). This new rate applies starting the next epoch after the current one.

  • oneTimePayment

    • Control: Fully controlled by the caller.

    • Constraints: Cannot exceed the rail's current lockupFixed.

    • Impact: Optional one-time payment amount to transfer immediately, taken out of the rail's fixed lockup.

Branches and code coverage

Intended branches

  • Caller is a valid operator, new rate is equal to old rate, no one time payment.

  • Caller is a valid operator, new rate is equal to old rate, has one time payment.

  • Caller is a valid operator, new rate is lower than the old rate, no one time payment.

  • Caller is a valid operator, new rate is lower than the old rate, has one time payment.

  • Caller is a valid operator, new rate is higher than the old rate, no one time payment.

  • Caller is a valid operator, new rate is higher than the old rate, has one time payment.

  • Caller is a valid operator, the rail is terminated and the rate is equal to the old rate.

Negative behavior

  • Caller is a valid operator and tries to do a one time payment with insufficient funds.

  • Caller is not a valid operator.

  • Caller is a valid operator and tries to call the function on a terminated rail after the end epoch.

  • Caller is a valid operator and tries to increase the rate of a terminated rail.

  • Rail is not terminated, but lockup rate is less than the old rate.

Function call analysis

None of the functions do external calls, just internal book keeping.

  • Payments.modifyRailPayment->enqueueRateChange(rail, oldRate, newRate)

    • Inserts the rate change into the rail's rail.rateChangeQueue.

  • Payments.modifyRailPayment->updateOperatorRateUsage

    • If rail rate is modified, this internally updates approval.rateUsage to account for the increased or decreased rate.

  • Payments.modifyRailPayment->updateOperatorLockupUsage

    • If rail rate is modified, this internally updates approval.lockupUsage to account for the increased or decreased rate.

  • Payments.modifyRailPayment->updateOperatorAllowanceForOneTimePayment

    • If a one time payment is included, this subtracts the payment from approval.lockupUsage and approval.lockupAllowance.

  • Payments.modifyRailPayment->processOneTimePayment

    • If there is an optional one time payment, this is subtracted from the payer's funds, crediting it with any fees paid while doing so.

Zellic © 2025Back to top ↑