Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>OFTAdapter Burn>Threat Model>_debit
GeneralOverview
Threat ModelWhat are threat models?
MintSelfBurnOFTAdapter.sol_credit_debit
Audit ResultsAssessment Results

Function: _debit(address _from, uint256 _amountLD, uint256 _minAmountLD, uint32 _dstEid)

This is an internal function that handles token debit logic during cross-chain token transfers.

Inputs

  • _from

    • Control: Full control.

    • Constraints: msg.sender.

    • Impact: The address of the token sender.

  • _amountLD

    • Control: Full control.

    • Constraints: The caller must own enough tokens to transfer.

    • Impact: The amount of OFT tokens specified by the caller to send to the _dstEid chain.

  • _minAmountLD

    • Control: Full control.

    • Constraints: N/A.

    • Impact: Determine the minimum amount of tokens that should be transferred after dust removal.

  • _dstEid

    • Control: Full control.

    • Constraints: peers should contain the _dstEid. Only the owner can set up eIDs that can be used.

    • Impact: The ID of the destination chain where tokens will be sent.

Branches and code coverage

Intended branches

  • The expected amount of tokens are burned.

  • The innerToken balance of the contract is not changed.

Negative behavior

  • The caller does not own enough tokens to transfer.

  • The caller does not provide an approval.

  • The amountReceivedLD is less than _minAmountLD.

  • The _dstEid is not supported.

Function call analysis

  • super._debitView(_amountLD, _minAmountLD, _dstEid);

    • What is controllable? _amountLD, _minAmountLD, and _dstEid.

    • If the return value is controllable, how is it used and how can it go wrong? Returns amountSentLD and amountReceivedLD, which are equal since the default _debitView implementation from the OFTCore contract is used. These values represent _amountLD after dust removal based on the decimalConversionRate.

    • What happens if it reverts, reenters or does other unusual control flow? Reverts if amountReceivedLD is less than _minAmountLD.

  • IERC20(address(innerToken)).transferFrom(_from, address(this), amountSentLD);

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? There is no return value here.

    • What happens if it reverts, reenters or does other unusual control flow? Transfers the amountSentLD (without dust) to this contract. This function reverts if msg.sender has not granted sufficient allowance.

  • IMintSelfBurnToken(address(innerToken)).burn(amountSentLD);

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? There is no return value here.

    • What happens if it reverts, reenters or does other unusual control flow? Burns the specified amount of tokens from the contract’s balance. There should be no issues here, as the specified tokens are transferred to the contract’s balance in advance.

Zellic © 2025Back to top ↑