Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Lazer>Threat Model>verifyUpdate
GeneralOverview
Findings
Low (2)
Informational (3)
Threat ModelWhat are threat models?
PythLazer.solupdateTrustedSignerverifyUpdate
Audit ResultsAssessment Results

Function: verifyUpdate(bytes update)

Based on the extracted signature value from the provided update, the function verifies the update of the authenticated signer and extracts the contents of the bytes update to return it alongside the signer.

Inputs

  • update

    • Control: Arbitrary.

    • Constraints: The length of the bytes type data must be at least 71 or greater.

    • Impact: The signer and payload are extracted from the bytes data of the provided update for verification, after which they are returned.

Branches and code coverage

Intended branches

  • When including the signature of the trusted signer and delivering the payload in the form of byte data, the values are accurately extracted and returned.

  • When Ether exceeding the verification_fee value is sent, the remaining Ether is accurately returned to the caller.

Negative behavior

  • When the length of the update data is less than 71, the transaction reverts.

  • If the first four bytes of the update do not match the EVM_FORMAT_MAGIC value, the transaction reverts.

  • If the signer value recovered from the signature is not included in the trustedSigners array, the transaction reverts.

Function call analysis

  • No external function calls found.

Zellic © 2025Back to top ↑