Assessment reportsPublic findings
Back to Zellic site
↗
Assessment reports>Lido Fixed Income>Threat Model>getFixedOngoingWithdrawalRequestIds
GeneralOverview
Findings
Critical (2)
High (3)
Medium (2)
Low (5)
Informational (2)
DiscussionConsider transferring stETH instead of ETHConfusing math in finalizeVaultEndedWithdrawalsPremium claim requirement ensures safety tooComment implies more centralization than existsUse batch withdrawals for gas savingsUnused event `VaultCodeSet`
Threat ModelWhat are threat models?
LidoVault.solclaimFixedPremiumdepositfinalizeVaultEndedWithdrawalsfinalizeVaultNotStartedFixedWithdrawalsfinalizeVaultOngoingFixedWithdrawalsfinalizeVaultOngoingVariableWithdrawalsgetFixedOngoingWithdrawalRequestIdsgetFixedOngoingWithdrawalRequestTimestampinitializeisEndedisStartedmaxStETHWithdrawalAmountminStETHWithdrawalAmountstakingBalancewithdraw
VaultFactory.sol
Audit ResultsSummary

Function: getFixedOngoingWithdrawalRequestIds(address user)

This function is to get RequestIds of fixed-side withdraw requests after vault ended.

Inputs

  • user

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: The value of RequestIds from fixed-side withdraw requests for user.

Zellic © 2025Back to top ↑