Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Nocturne>Threat Model>handleDeposit

GeneralOverview

Findings

Informational (1)

DiscussionGas tokens can be identified by index in Operation Schnorr signature documentation typo Redundant order-l check

Threat ModelWhat are threat models?BalanceManager.sol CommitmentTreeManager.sol DepositManager.sol

Handler.sol handleDeposit handleOperation

Teller.sol circuits

Audit ResultsSummary

Function: `handleDeposit(Deposit deposit)`

This verifies a deposit note and adds it to the Merkle tree. Called only by Teller.

Inputs

deposit
- Control: Arbitrarily set by any deposit source calling into Teller.depositFunds.
- Constraints: The deposit.encodedAsset must be a supported contract. Note must pass checks (see CommitmentTreeManager._handleRefundNote in section ref↗ for more info).
- Impact: Note details added to Merkle tree.

Branches and code coverage

Intended branches

Call into CommitmentTreeManager._handleRefundNote.
Test coverage

Negative behavior

Contract is paused.
Negative test
Caller is not Teller.
Negative test
Asset is not whitelisted.
Negative test
The call to CommitmentTreeManager._handleRefundNote reverts.
Negative test

Zellic © 2025Back to top ↑