Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Nukem Loans>Threat Model>recall
GeneralOverview
Findings
Critical (3)
High (3)
Medium (2)
Low (1)
DiscussionInitializer called in constructorBorrowing on behalf of the Market contractPotential storage-collision issueSaferERC20 additional checksEIP-712 implementationMarket setters should only be called onceUtilizing eth-brownie for testingCentralizationAMM oracle pricing
Threat ModelWhat are threat models?AbstractSwapper.solAuctions.solCollateral.solCredit.solDebt.solEIP712.solERC20Base.solERC20Permit.solEnFi4626.solLendingStrategy.sol
Market.solborrowcheckSignatureleveragerecallregisterCollateralregisterCreditregisterDebtregisterVsCreditsetAuctionssetStrategysetSwappersetTreasury
ProxyManager.solRoles.solSaferERC20.solUniswapV2Swapper.sol
Audit ResultsSummary

Function: recall(uint256 _value)

This allows a user to close a position (e.g., deleverage the value of what was deposited).

Inputs

  • _value

    • Control: Fully controlled by the caller.

    • Constraints: Checked to be a valid amount of collateral to be recalled.

    • Impact: Amount of collateral to be recalled.

Branches and code coverage (including function calls)

Intended branches

  • Verify that the collateral amount is valid.

  • If the collateral amount is valid, then deleverage the value of what was deposited.

  • If what was deposited is more than what can be repaid, then repay all the debt and send the surplus back to the sender.

  • Otherwise, repay what is possible and make sure user is still within correct collateralization limits.

  • Receive the swapped collateral as a result of the deleverage (essentially max_deposit).

  • Ensure that debt is zero after a full recall.

Negative behavior

  • If the collateral amount is invalid, then revert.

  • Should not allow user to recall more than what they have deposited.

  • Should not allow recalling on behalf of another user.

  • Should not allow calling if debt is zero.

Zellic © 2024Back to top ↑