Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Metavest>Threat Model>createMetavest
GeneralOverview
Findings
Critical (1)
High (7)
Medium (4)
Low (4)
Informational (1)
Threat ModelWhat are threat models?BaseAllocation.sol
MetaVesTController.solacceptAuthorityRoleacceptDaoRoleaddMetaVestToSetaddMetavestMilestoneconsentToMetavestAmendmentcreateAndInitializeRestrictedTokenAwardcreateAndInitializeTokenOptionAllocationcreateMetavestcreateRestrictedTokenAwardcreateSetcreateTokenOptionAllocationcreateVestingAllocationinitiateAuthorityUpdateinitiateDaoUpdateproposeMajorityMetavestAmendmentproposeMetavestAmendmentremoveFunctionConditionremoveMetaVestFromSetremoveMetavestMilestoneremoveSetsetMetaVestGovVariablesterminateMetavestVestingupdateExerciseOrRepurchasePriceupdateFunctionConditionupdateMetavestStopTimesupdateMetavestTransferabilityupdateMetavestUnlockRateupdateMetavestVestingRatevoteOnMetavestAmendmentwithdrawFromController
MetaVesTFactory.solRestrictedTokenAllocation.solRestrictedTokenFactory.solTokenOptionAllocation.solTokenOptionFactory.solVestingAllocation.solVestingAllocationFactory.sol
Audit ResultsAssessment Results

Function: createMetavest(metavestType _type, address _grantee, BaseAllocation.Allocation _allocation, BaseAllocation.Milestone[] _milestones, uint256 _exercisePrice, address _paymentToken, uint256 _shortStopDuration, uint256 _longStopDate)

This function is used to create a new allocation contract.

Inputs

  • _type

    • Control: Arbitrary.

    • Constraints: Should be one of the metavest types.

    • Impact: Type of metavest to create.

  • _grantee

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Address of the grantee.

  • _allocation

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Struct of the allocation including Allocation fields: tokenStreamTotal, vestingCliffCredit, unlockingCliffCredit, vestingRate, vestingStartTime, unlockRate, unlockStartTime, and tokenContract.

  • _milestones

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Array of Milestone. Struct of the milestone including milestoneAward, unlockOnCompletion, complete, and an array of conditionContracts addresses.

  • _exercisePrice

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Value of exercise price.

  • _paymentToken

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Address of payment token.

  • _shortStopDuration

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Value of short stop duration.

  • _longStopDate

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Value of long stop date.

Branches and code coverage

Intended branches

  • Call the corresponding allocation-creation function based on the _type.

Negative behavior

  • Revert if the caller is not the authority.

  • Revert if not all the conditions about this function signature are met.

  • Revert if the metavest type is not valid.

Function call analysis

  • this.createVestingAllocation(_grantee, _allocation, _milestones) -> this.validateTokenApprovalAndBalance(_allocation.tokenContract, _total) -> IERC20M(tokenContract).allowance(this.authority, address(this))

    • What is controllable? _grantee, _allocation, _milestones, and _allocation.tokenContract.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.createVestingAllocation(_grantee, _allocation, _milestones) -> this.validateTokenApprovalAndBalance(_allocation.tokenContract, _total) -> IERC20M(tokenContract).balanceOf(this.authority)

    • What is controllable? _grantee, _allocation, _milestones, and _allocation.tokenContract.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.createVestingAllocation(_grantee, _allocation, _milestones) -> IAllocationFactory(this.vestingFactory).createAllocation(AllocationType.Vesting, _grantee, address(this), _allocation, _milestones, address(0), 0, 0)

    • What is controllable? _grantee, _allocation, and _milestones.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.createVestingAllocation(_grantee, _allocation, _milestones) -> this.safeTransferFrom(_allocation.tokenContract, this.authority, vestingAllocation, _total)

    • What is controllable? _grantee, _allocation, _milestones, and _allocation.tokenContract.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.createTokenOptionAllocation(_grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, _milestones) -> this.createAndInitializeTokenOptionAllocation(_grantee, _paymentToken, _exercisePrice, _shortStopDuration, _allocation, _milestones) -> IAllocationFactory(this.tokenOptionFactory).createAllocation(AllocationType.TokenOption, _grantee, address(this), _allocation, _milestones, _paymentToken, _exercisePrice, _shortStopDuration)

    • What is controllable? _grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, and _milestones.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.createTokenOptionAllocation(_grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, _milestones) -> this.safeTransferFrom(_allocation.tokenContract, this.authority, tokenOptionAllocation, _total)

    • What is controllable? _grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, _milestones, and _allocation.tokenContract.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.createRestrictedTokenAward(_grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, _milestones) -> this.createAndInitializeRestrictedTokenAward(_grantee, _paymentToken, _repurchasePrice, _shortStopDuration, _allocation, _milestones) -> IAllocationFactory(this.restrictedTokenFactory).createAllocation(AllocationType.RestrictedToken, _grantee, address(this), _allocation, _milestones, _paymentToken, _repurchasePrice, _shortStopDuration)

    • What is controllable? _grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, and _milestones.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.createRestrictedTokenAward(_grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, _milestones) -> this.safeTransferFrom(_allocation.tokenContract, this.authority, restrictedTokenAward, _total)

    • What is controllable? _grantee, _exercisePrice, _paymentToken, _shortStopDuration, _allocation, _milestones, and _allocation.tokenContract.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑