Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Nukem Loans>Threat Model>_withdraw
GeneralOverview
Findings
Critical (3)
High (3)
Medium (2)
Low (1)
DiscussionInitializer called in constructorBorrowing on behalf of the Market contractPotential storage-collision issueSaferERC20 additional checksEIP-712 implementationMarket setters should only be called onceUtilizing eth-brownie for testingCentralizationAMM oracle pricing
Threat ModelWhat are threat models?AbstractSwapper.solAuctions.solCollateral.solCredit.sol
Debt.sol_deposit_withdrawerasetotalSupply
EIP712.solERC20Base.solERC20Permit.solEnFi4626.solLendingStrategy.solMarket.solProxyManager.solRoles.solSaferERC20.solUniswapV2Swapper.sol
Audit ResultsSummary

Function: _withdraw(uint256 assets, address receiver, address owner)

This borrows.

Inputs

  • assets

    • Control: Full.

    • Constraints: None.

    • Impact: Amount to borrow.

  • receiver

    • Control: Full.

    • Constraints: None.

    • Impact: Receiver of borrowed coins.

  • owner

    • Control: Full.

    • Constraints: None.

    • Impact: The owner of the collateral.

Branches and code coverage (including function calls)

Intended branches

  • Respects maxWithdraw.

Negative behavior

  • Fee cannot be larger than borrow.

Function call analysis

  • _withdraw(assets, receiver, owner) -> borrowFeeFor(assets)

    • What is controllable? Full.

    • If return value controllable, how is it used and how can it go wrong? The borrow fee.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • _withdraw(assets, receiver, owner) -> _market.credit().borrow(receiver, assets, borrow_fee)

    • What is controllable? Full.

    • If return value controllable, how is it used and how can it go wrong? Discarded.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑