Assessment reports
Public findings
Back to Zellic site
↗
Assessment reports
>
Lido Fixed Income
>
Threat Model
>
maxStETHWithdrawalAmount
General
Overview
Findings
Critical (2)
High (3)
Medium (2)
Low (5)
Informational (2)
Discussion
Consider transferring stETH instead of ETH
Confusing math in finalizeVaultEndedWithdrawals
Premium claim requirement ensures safety too
Comment implies more centralization than exists
Use batch withdrawals for gas savings
Unused event `VaultCodeSet`
Threat Model
What are threat models?
LidoVault.sol
claimFixedPremium
deposit
finalizeVaultEndedWithdrawals
finalizeVaultNotStartedFixedWithdrawals
finalizeVaultOngoingFixedWithdrawals
finalizeVaultOngoingVariableWithdrawals
getFixedOngoingWithdrawalRequestIds
getFixedOngoingWithdrawalRequestTimestamp
initialize
isEnded
isStarted
maxStETHWithdrawalAmount
minStETHWithdrawalAmount
stakingBalance
withdraw
VaultFactory.sol
Audit Results
Summary
Function:
maxStETHWithdrawalAmount()
This function is to return constant maximum amount of stETH.
Zellic © 2024
Back to top ↑