Assessment reportsPublic findings
Back to Zellic site
Assessment reports>GTE>Threat Model>debitAccount
GeneralOverview
Findings
Critical (1)
High (2)
Medium (5)
Low (1)
DiscussionTest suite
Threat ModelWhat are threat models?CLOB.sol
CLOBManager.solapproveOperatorcreditAccountdebitAccountdepositdisapproveOperatorpullFromAccountpushToAccountsettleIncomingOrderwithdraw
GTERouter.solSimpleLaunchpad.sol
Audit ResultsAssessment Results

Function: debitAccount(address account, address token, uint256 amount)

This function allows a trusted market contract created by the owner of the contract using the createMarket function to decrease the internal account balance.

Inputs

  • account

    • Control: Full control.

    • Constraints: N/A.

    • Impact: The account address whose internal balance will be decreased.

  • token

    • Control: Full control.

    • Constraints: The internal balance of the account should be sufficient.

    • Impact: The token address whose balance will be decreased for the account.

  • amount

    • Control: Full control.

    • Constraints: The internal balance of the account should be sufficient.

    • Impact: The amount of tokens that will be transferred to this contract.

Branches and code coverage

Intended branches

  • The balance of the account has been decreased by the amount.

Negative behavior

  • The caller is not a trusted market.

  • The internal user's balance is not enough.

Function call analysis

  • CLOBManagerStorageLib.debitAccount(this._getStorage(), account, token, amount)

    • What is controllable? token, account, and amount

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? Decreases the internal account balance using the specified amount and reverts if the balance is insufficient.

Zellic © 2025Back to top ↑