Assessment reportsPublic findings
Back to Zellic site
Assessment reports>GTE>Threat Model>withdraw
GeneralOverview
Findings
Critical (1)
High (2)
Medium (5)
Low (1)
DiscussionTest suite
Threat ModelWhat are threat models?CLOB.sol
CLOBManager.solapproveOperatorcreditAccountdebitAccountdepositdisapproveOperatorpullFromAccountpushToAccountsettleIncomingOrderwithdraw
GTERouter.solSimpleLaunchpad.sol
Audit ResultsAssessment Results

Function: withdraw(address account, address token, uint256 amount, bool toOperator)

This function allows an account itself or approved operator to withdraw the deposited token. Funds can be transferred to the operator or to the account, depending on the toOperator.

Inputs

  • account

    • Control: Full control.

    • Constraints: If account is not equal to msg.sender, msg.sender should be isApprovedOperator.

    • Impact: The amount will be withdrawn from this account.

  • token

    • Control: Full control.

    • Constraints: The account should have a nonzero balance of this token to withdraw.

    • Impact: The token will be withdrawn.

  • amount

    • Control: Full control.

    • Constraints: The account should have enough tokens to withdraw.

    • Impact: The amount will be withdrawn.

  • toOperator

    • Control: Full control.

    • Constraints: N/A.

    • Impact: If the caller is an operator and toOperator is true, withdrawn funds will be transferred to the operator.

Branches and code coverage

Intended branches

  • Funds have been withdrawn successfully to the account if toOperator is false and the caller is an operator.

  • Funds have been withdrawn successfully to the operator if toOperator is true and the caller is an operator.

  • Funds have been withdrawn successfully to the account if toOperator is false and the caller is the account itself.

  • Funds have been withdrawn successfully to the account if toOperator is true and the caller is the account itself.

Negative behavior

  • Withdraw the full balance and try to withdraw again.

  • The caller is not an account and is not an approved operator.

Function call analysis

  • CLOBManagerStorageLib.debitAccount(ds, account, token, amount)

    • What is controllable? account, token, and amount.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? Decreases the internal account balance with the specified amount and reverts if the balance is less than the provided amount.

  • SafeTransferLib.safeTransfer(token, recipient, amount)

    • What is controllable? token, recipient, and amount.

    • If the return value is controllable, how is it used and how can it go wrong? This function does not return a value.

    • What happens if it reverts, reenters or does other unusual control flow? Reentrancy is possible, but the external transfer call is executed after the internal balance of the account is increased, so it is not possible to do a double withdrawal.

Zellic © 2025Back to top ↑