Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Nukem Loans>Threat Model>safeTransferToSelf
GeneralOverview
Findings
Critical (3)
High (3)
Medium (2)
Low (1)
DiscussionInitializer called in constructorBorrowing on behalf of the Market contractPotential storage-collision issueSaferERC20 additional checksEIP-712 implementationMarket setters should only be called onceUtilizing eth-brownie for testingCentralizationAMM oracle pricing
Threat ModelWhat are threat models?AbstractSwapper.solAuctions.solCollateral.solCredit.solDebt.solEIP712.solERC20Base.solERC20Permit.solEnFi4626.solLendingStrategy.solMarket.solProxyManager.solRoles.sol
SaferERC20.solsafeTransfersafeTransferToSelf
UniswapV2Swapper.sol
Audit ResultsSummary

Function: safeTransferToSelf(IERC20 token, uint256 value)

This performs a safe transfer to self. If the token is ETH, then the value is transferred to the contract. If the token is not ETH, then the value is transferred from the sender to the contract.

Inputs

  • token

    • Control: Controlled by upper-level function.

    • Constraints: Must be a valid IERC20 or native ETH.

    • Impact: The token to be transferred.

  • value

    • Control: Controlled by upper-level function.

    • Constraints: In case of ETH, must be greater than or equal to the msg.value.

    • Impact: The amount of tokens to be transferred.

Branches and code coverage (including function calls)

Intended branches

  • Perform a safe transfer of ETH to the contract. This means that the msg.value must be greater than or equal to the value.

  • Returns anything left over to the sender.

  • Perform a safe transfer of tokens from the sender to the contract. This means that the sender must have approved the contract to spend the value amount of.

Negative behavior

  • Should not allow receiving ETH if the token is not ETH. Currently not checked.

Zellic © 2024Back to top ↑