Assessment reports>InfiniCard Vault>Threat Model>withdrawToCEX

Function: withdrawToCEX(address token, uint256 amount, address custodian, address strategy, bytes redeemInfo)

This function allows the backend to withdraw a specified amount of a token to a custodian address. If the vault's balance of the token is insufficient, it attempts to withdraw the required amount from a specified strategy. The function ensures that both the token and the custodian are whitelisted.

Inputs

  • token

    • Control: Controlled by the caller with INFINI_BACKEND_ROLE.

    • Constraints: None.

    • Impact: The token to be withdrawn to the custodian.

  • amount

    • Control: Controlled by the caller with INFINI_BACKEND_ROLE.

    • Constraints: None.

    • Impact: The amount of tokens to withdraw.

  • custodian

    • Control: Controlled by the caller with INFINI_BACKEND_ROLE.

    • Constraints: None.

    • Impact: The recipient of the withdrawn tokens.

  • strategy

    • Control: Controlled by the caller with INFINI_BACKEND_ROLE.

    • Constraints: None.

    • Impact: Source strategy from which to withdraw tokens.

  • redeemInfo

    • Control: Controlled by the caller with INFINI_BACKEND_ROLE.

    • Constraints: None.

    • Impact: Additional data passed to the strategy when redeeming tokens.

Branches and code coverage

Intended branches

  • Tries to withdraw from the strategy if the balance is not enough.

  • Calculates actualAmount based on the vault and transfers the tokens to the custodian.

Negative behavior

  • Reverts if the caller does not have INFINI_BACKEND_ROLE.

  • Reverts if the token is not in the token whitelist.

  • Reverts if custodian is not in the custodian whitelist.

  • Reverts if the balance is insufficient and strategy is zero address.

  • Reverts if underlyingToken from the strategy does not match token.

Function call analysis

  • _withdraw_from_strategy(strategy, amount, redeemInfo)

    • What is controllable? strategy, amount, and redeemInfo.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? If this reverts, the entire transaction would revert — no reentrancy scenario.

  • _transferAsset(token, actualAmount, custodian)

    • What is controllable? token, actualAmount, and custodian.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? If this reverts, the entire transaction would revert — no reentrancy scenario.

Zellic © 2025Back to top ↑