Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Lido Fixed Income>Threat Model>getFixedOngoingWithdrawalRequestTimestamp
GeneralOverview
Findings
Critical (2)
High (3)
Medium (2)
Low (5)
Informational (2)
DiscussionConsider transferring stETH instead of ETHConfusing math in finalizeVaultEndedWithdrawalsPremium claim requirement ensures safety tooComment implies more centralization than existsUse batch withdrawals for gas savingsUnused event `VaultCodeSet`
Threat ModelWhat are threat models?
LidoVault.solclaimFixedPremiumdepositfinalizeVaultEndedWithdrawalsfinalizeVaultNotStartedFixedWithdrawalsfinalizeVaultOngoingFixedWithdrawalsfinalizeVaultOngoingVariableWithdrawalsgetFixedOngoingWithdrawalRequestIdsgetFixedOngoingWithdrawalRequestTimestampinitializeisEndedisStartedmaxStETHWithdrawalAmountminStETHWithdrawalAmountstakingBalancewithdraw
VaultFactory.sol
Audit ResultsSummary

Function: getFixedOngoingWithdrawalRequestTimestamp(address user)

This function is to get the timestamp of fixed-side withdraw requests after vault ended.

Inputs

  • user

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: The value of the timestamp from fixed-side withdraw requests for the user.

Zellic © 2025Back to top ↑