Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Nocturne>Threat Model>_handleRefundNote
GeneralOverview
Findings
High (2)
Low (2)
Informational (1)
DiscussionGas tokens can be identified by index in OperationSchnorr signature documentation typoRedundant order-l check
Threat ModelWhat are threat models?BalanceManager.sol
CommitmentTreeManager.sol_handleJoinSplits_handleRefundNoteapplySubtreeUpdate
DepositManager.solHandler.solTeller.solcircuits
Audit ResultsSummary

Function: _handleRefundNote(EncodedAsset encodedAsset, CompressedStealthAddress refundAddr, uint256 value)

This creates an encoded note out and adds refund note to queue to be added to off-chain Merkle tree by subtree update.

Inputs

  • encodedAsset

    • Control: Arbitrarily set by authorized deposit source calling Teller.depositFunds.

    • Constraints: After decoding, address must be on whitelist. ERC-20 transfer of this value later must succeed.

    • Impact: Stored in enqueued note. Emitted in the RefundProcessed event.

  • refundAddr

    • Control: Arbitrarily set by authorized deposit source calling Teller.depositFunds.

    • Constraints: The encodedAsset.encodedAssetAddr must be a valid field element and not have bits set outside ENCODED_ASSET_ADDR_MASK. The encodedAsset.encodedAssetId must be a valid field element and less than MAX_ASSET_ID. The refundAddr.h1 and refundAddr.h2 must be valid field elements if the X-sign bit is unset.

    • Impact: Stored in enqueued note. Emitted in the RefundProcessed event.

  • value

    • Control: Arbitrarily set by authorized deposit source calling Teller.depositFunds.

    • Constraints: Must be less than MAX_NOTE_VALUE. ERC-20 transfer of this value later must succeed.

    • Impact: Stored in enqueued note. Emitted in the RefundProcessed event.

Branches and code coverage

Intended branches

  • Inserts note into queue.

Negative behavior

  • Note fails validation.

Zellic © 2025Back to top ↑