Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Maia DAO Ulysses Protocol>Threat Model>replenishReserves
GeneralOverview
Findings
Low (2)
DiscussionInsufficient verification in CoreRootRouterEnhanced validation in two functionsInaccurate status updateTest suite
Threat ModelWhat are threat models?BranchBridgeAgent.sol
BranchPort.solmanagereplenishReservesreplenishReserves
RootBridgeAgent.solRootPort.solVirtualAccount.sol
Audit ResultsSummary

Function: replenishReserves(address _token, uint256 _amount)

This function allows a strategy contract to repay a specified amount of debt with a given token.

Inputs

  • _token

    • Control: Full control by the caller.

    • Constraints: There are no constraints.

    • Impact: Specifies the token in which the debt is being repaid.

  • _amount

    • Control: Full control by the caller.

    • Constraints: The function will revert if the strategy does not have enough debt to repay this amount.

    • Impact: Represents the amount of the token to be repaid.

Branches and code coverage

Intended branches

  • Check that tokens have been transferred from the caller.

  • Check that getPortStrategyTokenDebt has been decreased.

Negative behavior

  • Caller is not trusted strategy.

  • The _amount is more than the debt for this strategy.

Function call analysis

  • IPortStrategy(msg.sender).withdraw(address(this), _token, _amount)

    • What is controllable? _token and _amount are controlled by the caller, but if _amount is not zero, the function will revert if the caller/strategy does not have enough debt to repay this amount.

    • If the return value is controllable, how is it used and how can it go wrong? There is no return value.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑