Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Maia DAO Ulysses Protocol>Threat Model>manage
GeneralOverview
Findings
Low (2)
DiscussionInsufficient verification in CoreRootRouterEnhanced validation in two functionsInaccurate status updateTest suite
Threat ModelWhat are threat models?BranchBridgeAgent.sol
BranchPort.solmanagereplenishReservesreplenishReserves
RootBridgeAgent.solRootPort.solVirtualAccount.sol
Audit ResultsSummary

Function: manage(address _token, uint256 _amount)

The function allows a strategy contract to withdraw a specified amount of a given token. The function performs several checks: ensure that strategy is trusted contract and that the requested amount does not exceed the limit.

Inputs

  • _token

    • Control: Full control by the caller.

    • Constraints: The _token should be a trusted strategy token.

    • Impact: Specifies the token that will be transferred from this contract to the caller account.

  • _amount

    • Control: Full control by the caller.

    • Constraints: There is a check to ensure that the requested amount does not exceed limits.

    • Impact: The amount of the token requested by strategy.

Branches and code coverage

Intended branches

  • Check that tokens have been transferred to the strategy.

  • Check that getPortStrategyTokenDebt has been increased.

Negative behavior

  • Caller is untrusted strategy.

  • The _amount is more than the limit.

Function call analysis

  • SafeTransferLib.safeTransfer(_token, msg.sender, _amount)

    • What is controllable? _token and _amount are controlled by the caller,

    • If the return value is controllable, how is it used and how can it go wrong? There is no return value.

    • What happens if it reverts, reenters or does other unusual control flow? Function transfers the requested tokens to the strategy contract. If the contract does not have enough tokens, the function call will revert.

Zellic © 2025Back to top ↑