Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>Maia DAO Ulysses Protocol>Threat Model>withdrawERC721

GeneralOverview

Findings

DiscussionInsufficient verification in CoreRootRouter Enhanced validation in two functions Inaccurate status update Test suite

Threat ModelWhat are threat models?BranchBridgeAgent.sol BranchPort.sol RootBridgeAgent.sol RootPort.sol

VirtualAccount.sol call payableCall withdrawERC20 withdrawERC721 withdrawNative

Audit ResultsSummary

Function: `withdrawERC721(address _token, uint256 _tokenId)`

Transfers ownership of an ERC-721 token (NFT) from the virtual account to the sender. Can only be called by the approved caller.

Inputs

_token
- Control: Full control.
- Constraints: None, but it will revert if specifying a contract that does not implement ERC-721.
- Impact: The address of the token contract to withdraw from.
_tokenId
- Control: Full control.
- Constraints: None, but it will revert if the token ID is not owned by the virtual account nor approved to transfer it.
- Impact: The token ID to withdraw.

Branches and code coverage

Intended branches

Transfer NFT to the approved caller.
Test coverage

Negative behavior

Unapproved caller tries to claim NFT.
Negative test

Zellic © 2024Back to top ↑