Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Metavest>Threat Model>addMetavestMilestone
GeneralOverview
Findings
Critical (1)
High (7)
Medium (4)
Low (4)
Informational (1)
Threat ModelWhat are threat models?BaseAllocation.sol
MetaVesTController.solacceptAuthorityRoleacceptDaoRoleaddMetaVestToSetaddMetavestMilestoneconsentToMetavestAmendmentcreateAndInitializeRestrictedTokenAwardcreateAndInitializeTokenOptionAllocationcreateMetavestcreateRestrictedTokenAwardcreateSetcreateTokenOptionAllocationcreateVestingAllocationinitiateAuthorityUpdateinitiateDaoUpdateproposeMajorityMetavestAmendmentproposeMetavestAmendmentremoveFunctionConditionremoveMetaVestFromSetremoveMetavestMilestoneremoveSetsetMetaVestGovVariablesterminateMetavestVestingupdateExerciseOrRepurchasePriceupdateFunctionConditionupdateMetavestStopTimesupdateMetavestTransferabilityupdateMetavestUnlockRateupdateMetavestVestingRatevoteOnMetavestAmendmentwithdrawFromController
MetaVesTFactory.solRestrictedTokenAllocation.solRestrictedTokenFactory.solTokenOptionAllocation.solTokenOptionFactory.solVestingAllocation.solVestingAllocationFactory.sol
Audit ResultsAssessment Results

Function: addMetavestMilestone(address _grant, VestingAllocation.Milestone _milestone)

This function is used to add a milestone to the allocation.

Inputs

  • _grant

    • Control: Arbitrary.

    • Constraints: Should be a valid allocation address.

    • Impact: Address of the grant.

  • _milestone

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Struct of the milestone including milestoneAward, unlockOnCompletion, complete, and an array of conditionContracts addresses.

Branches and code coverage

Intended branches

  • Add the provided milestone to the allocation.

  • Transfer the _milestone.milestoneAward tokens from the authority to the allocation.

Negative behavior

  • Revert if the caller is not the authority.

  • Revert if the _milestone.milestoneAward is zero.

  • Revert if the token allowance of authority is less than the _milestone.milestoneAward.

  • Revert if the token balance of authority is less than the _milestone.milestoneAward.

Function call analysis

  • BaseAllocation(_grant).getMetavestDetails()

    • What is controllable? _grant.

    • If the return value is controllable, how is it used and how can it go wrong? Return the metavest details of the grant.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • IERC20M(_tokenContract).allowance(msg.sender, address(this))

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Return the allowance of the sender to the allocation contract. If the allowance is less than the _milestone.milestoneAward, the function reverts.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • IERC20M(_tokenContract).balanceOf(msg.sender)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? Return the token balance of the sender. If the balance is less than the _milestone.milestoneAward, the function reverts.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.safeTransferFrom(_tokenContract, msg.sender, _grant, _milestone.milestoneAward)

    • What is controllable? _grant and _milestone.milestoneAward.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • BaseAllocation(_grant).addMilestone(_milestone)

    • What is controllable? _grant and _milestone.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑