Assessment reportsPublic findings
Back to Zellic site
Assessment reports>GTE -- Perp>Informational findings>Lack of explicit ,asset, validation
GeneralOverview
Findings
Critical (1)
High (4)
Medium (4)
Low (3)
Informational (6)Lack of explicit asset validationUnsafe cast from int256 to uint256Inaccessible market-setting functions via delegate callCentralization risk — owner-controlled deposits to insurance fund using user allowancesInconsistency between processWithdraws and previewWithdrawLack of documentation
DiscussionLimited test suiteThe setIndexPrice() update frequency
Threat ModelWhat are threat models?CollateralManager.solGTL.solPerpCLOB.solPerpManager.solPosition.sol
Audit ResultsAssessment Results
Category: Code Maturity

Lack of explicit asset validation

Informational Severity
Informational Impact
N/A Likelihood

Description

There is no explicit check for the asset parameter in the postFillOrder, postFillCloseOrder, postLimitOrder, and cancel functions to ensure that a market exists for the specified asset.

Although using an asset parameter corresponding to a nonexistent market causes these functions to revert, it is preferable to detect this condition earlier and revert with a dedicated error message.

Impact

The error messages emitted by these functions when an asset parameter corresponding to a nonexistent market is used may not clearly indicate that a market has not been created for the specified asset.

Recommendations

We recommend adding an explicit sanity check for the asset parameter at the beginning of these functions to ensure that a market has been created for the specified asset.

Remediation

Zellic © 2025Back to top ↑