Assessment reports>Nukem Loans>Threat Model>_permit

Function: _permit(address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s)

This validates a signature for a permit and calls _approve.

Inputs

  • owner

    • Control: Fully controlled by the caller.

    • Constraints: Checked that it is the recovered address from the signature in the isValidSignatureNow call.

    • Impact: The owner of the funds to be approved.

  • spender

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The spender of the funds to be approved.

  • value

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The amount of funds to be approved.

  • deadline

    • Control: Fully controlled by the caller.

    • Constraints: Checked that it is in the future.

    • Impact: The deadline for the signature to be valid.

  • v

    • Control: Fully controlled by the caller.

    • Constraints: Must recover in a valid signature.

    • Impact: The v part of the signature.

  • r

    • Control: Fully controlled by the caller.

    • Constraints: Must recover in a valid signature.

    • Impact: The r part of the signature.

  • s

    • Control: Fully controlled by the caller.

    • Constraints: Must recover in a valid signature.

    • Impact: The s part of the signature.

Branches and code coverage (including function calls)

Intended branches

  • Check that the owner is the recovered address from the signature. That is ensured in the isValidSignatureNow call.

  • Check that the deadline is in the future.

  • Call _approve with the owner, spender, and value, so that tokens are approved.

  • Assure that all other aspects of the signature are valid. That is ensured in the isValidSignatureNow call.

Negative behavior

  • Do NOT allow reusing the signature. That is ensured through the nonce.

Zellic © 2024Back to top ↑