Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Nukem Loans>Threat Model>_mint
GeneralOverview
Findings
Critical (3)
High (3)
Medium (2)
Low (1)
DiscussionInitializer called in constructorBorrowing on behalf of the Market contractPotential storage-collision issueSaferERC20 additional checksEIP-712 implementationMarket setters should only be called onceUtilizing eth-brownie for testingCentralizationAMM oracle pricing
Threat ModelWhat are threat models?AbstractSwapper.solAuctions.solCollateral.solCredit.solDebt.solEIP712.solERC20Base.solERC20Permit.sol
EnFi4626.sol_deposit_mint_redeem_withdraw
LendingStrategy.solMarket.solProxyManager.solRoles.solSaferERC20.solUniswapV2Swapper.sol
Audit ResultsSummary

Function: _mint(uint256 shares, address receiver)

This facilitates minting shares into the vault.

Inputs

  • shares

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The amount of shares to mint.

  • receiver

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The address to mint the shares to.

Branches and code coverage (including function calls)

Intended branches

  • Deplete the balance of msg.sender by assets.

  • Increase the balance of address(this) by assets.

  • Mint shares to receiver.

Negative behavior

  • Should not allow depositing more assets than what was transferred. That is ensured in safeTransferFromWithAmount.

  • Should not allow the deposit inflation attack. Currently that is not enforced in code.

  • Should not allow for huge discrepancies between previewMint and actual mint. Currently that is not enforced in code.

Zellic © 2025Back to top ↑