Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>GTE>Threat Model>pushToAccount

GeneralOverview

Findings

DiscussionTest suite

Threat ModelWhat are threat models?CLOB.sol

CLOBManager.sol approveOperator creditAccount debitAccount deposit disapproveOperator pullFromAccount pushToAccount settleIncomingOrder withdraw

GTERouter.sol SimpleLaunchpad.sol

Audit ResultsAssessment Results

Function: `pushToAccount(address account, address token, uint256 amount)`

This function allows a trusted market contract created by the owner of the contract using the createMarket function to transfer tokens directly to the account.

Inputs

account
- Control: Full control.
- Constraints: N/A.
- Impact: The receiver of tokens.
token
- Control: Full control.
- Constraints: The balance of the contract should be sufficient.
- Impact: The token address to transfer.
amount
- Control: Full control.
- Constraints: The balance of the contract should be sufficient.
- Impact: The amount of tokens to transfer.

Branches and code coverage

Intended branches

Tokens have been successfully transferred to the account.
Test coverage

Negative behavior

The caller is not a trusted market.
Negative test

Function call analysis

SafeTransferLib.safeTransfer(token, account, amount)
- What is controllable? token, account, and amount.
- If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.
- What happens if it reverts, reenters or does other unusual control flow? Transfers the provided amount of tokens to the specified account.

Zellic © 2025Back to top ↑