Assessment reportsPublic findings
Back to Zellic site
Assessment reports>GTE>Threat Model>approveOperator
GeneralOverview
Findings
Critical (1)
High (2)
Medium (5)
Low (1)
DiscussionTest suite
Threat ModelWhat are threat models?CLOB.sol
CLOBManager.solapproveOperatorcreditAccountdebitAccountdepositdisapproveOperatorpullFromAccountpushToAccountsettleIncomingOrderwithdraw
GTERouter.solSimpleLaunchpad.sol
Audit ResultsAssessment Results

Function: approveOperator(address operator)

This function allows any caller to set an operator. The provided operator address must be one that is allowed by the owner of this contract. The user's operator is permitted to call the deposit and withdraw functions from this contract. Additionally, the postFillOrder, postLimitOrder, amend, and cancel market functions are available for execution by the user's operator.

Inputs

  • operator

    • Control: Full control.

    • Constraints: allowedOperators[operator] is true.

    • Impact: The operator can act on behalf of the caller's account.

Branches and code coverage

Intended branches

  • The provided operator has been successfully set up.

Negative behavior

  • The provided operator is not allowed by the owner.

Function call analysis

  • CLOBManagerStorageLib.approveOperator(ds, operator)

    • What is controllable? operator.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? Reverts if the provided operator is not allowed by the owner.

Zellic © 2025Back to top ↑