Zellic - Audit Reports

This function overrides ERC4626 _withdraw to add donation attack protection.

_caller
- Control: Full control.
- Constraints: None.
- Impact: People whose shares were taken away.
_receiver
- Control: Full control.
- Constraints: None.
- Impact: People who receive assets.
_owner
- Control: Full control.
- Constraints: Must equal _caller or grant sufficient allowance for the burn.
- Impact: The account whose shares are burned and whose allowance may be consumed.
_assets
- Control: Full control.
- Constraints: Cannot exceed vault liquidity and must match the share-to-asset exchange rate.
- Impact: The amount of the underlying token used for the Vault for accounting, depositing, and withdrawing.
_shares
- Control: Full control.
- Constraints: None.
- Impact: The amount of tokens in the vault. Has a ratio of underlying assets exchanged on mint/deposit/withdraw/redeem (as defined by the Vault).

Intended branches

Burn the requested _shares from _owner, consuming allowance when _caller != _owner, and transfer the matching _assets to _receiver.

Keep the share-to-asset exchange rate stable across sequential withdrawals so that no user can exit with more than their proportional claim.

Enforce the donation-attack guard by ensuring _shares maps 1:1 to _assets once the withdrawal completes.

Negative behavior

Revert if the vault is paused or withdrawals are globally disabled.

Revert if rounding would leave residual shares or assets that break the donation-attack invariant.

Revert if a small non-zero amount of shares remain after _withdraw.