Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Nukem Loans>Threat Model>auction
GeneralOverview
Findings
Critical (3)
High (3)
Medium (2)
Low (1)
DiscussionInitializer called in constructorBorrowing on behalf of the Market contractPotential storage-collision issueSaferERC20 additional checksEIP-712 implementationMarket setters should only be called onceUtilizing eth-brownie for testingCentralizationAMM oracle pricing
Threat ModelWhat are threat models?AbstractSwapper.solAuctions.solCollateral.sol
Credit.sol_borrowForCollateralauctionborrowliquidate
Debt.solEIP712.solERC20Base.solERC20Permit.solEnFi4626.solLendingStrategy.solMarket.solProxyManager.solRoles.solSaferERC20.solUniswapV2Swapper.sol
Audit ResultsSummary

Function: auction(address liquidator, uint256 liquidated, address debtor)

This auctions.

Inputs

  • liquidator

    • Control: Full.

    • Constraints: None.

    • Impact: Liquidator.

  • liquidated

    • Control: Full.

    • Constraints: > 0.

    • Impact: Amount liquidated.

  • debtor

    • Control: Full.

    • Constraints: None.

    • Impact: Account to be liquidated.

Branches and code coverage (including function calls)

Intended branches

  • Auction pays off and transfers tokens.

Negative behavior

  • Zero check.

  • Cannot auction with insufficient shares.

Function call analysis

  • auction(...) -> assetsPerShare()

    • What is controllable? Everything.

    • If return value controllable, how is it used and how can it go wrong? Assets per share.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • auction(...) -> collateral.balanceOf(debtor)

    • What is controllable? Everything.

    • If return value controllable, how is it used and how can it go wrong? Amount of collateral of debtor.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • auction(...) -> converToShares(liquidated)

    • What is controllable? Everything.

    • If return value controllable, how is it used and how can it go wrong? Share conversion.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • auction(...) -> collateral.balanceOf(liquidator)

    • What is controllable? Everything.

    • If return value controllable, how is it used and how can it go wrong? Amount of collateral of liquidator.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • auction(...) -> collateral.auctionTransfer(debtor, liquidator, collateral_balance)

    • What is controllable? Everything (onlyAuction).

    • If return value controllable, how is it used and how can it go wrong? Discarded.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • auction(...) -> debt.erase(debtor)

    • What is controllable? Everything.

    • If return value controllable, how is it used and how can it go wrong? Discarded.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • auction(...) -> _mint(this, profit_shares)

    • What is controllable? Nothing.

    • If return value controllable, how is it used and how can it go wrong? Discarded.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑