Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Nukem Loans>Threat Model>withdrawEth
GeneralOverview
Findings
Critical (3)
High (3)
Medium (2)
Low (1)
DiscussionInitializer called in constructorBorrowing on behalf of the Market contractPotential storage-collision issueSaferERC20 additional checksEIP-712 implementationMarket setters should only be called onceUtilizing eth-brownie for testingCentralizationAMM oracle pricing
Threat ModelWhat are threat models?AbstractSwapper.solAuctions.solCollateral.solCredit.solDebt.solEIP712.sol
ERC20Base.solapproveminttransfertransferFromwithdrawEthxapprovextransfer
ERC20Permit.solEnFi4626.solLendingStrategy.solMarket.solProxyManager.solRoles.solSaferERC20.solUniswapV2Swapper.sol
Audit ResultsSummary

Function: withdrawEth()

This allows the owner to withdraw ETH from the contract.

Branches and code coverage (including function calls)

Intended branches

  • Transfer ETH from this contract to the owner.

Negative behavior

  • Should only be callable by the owner or a role with WITHDRAW_ETH permission.

Zellic © 2025Back to top ↑