Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Orderly Network>Threat Model>frozenBalance
GeneralOverview
Findings
Critical (1)
High (4)
Medium (3)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?
AccountTypeHelper.soladdBalancefinishFrozenBalancefrozenBalancesubBalanceunfrozenBalance
AccountTypePositionHelper.solCrossChainRelayUpgradeable.solFeeManager.solLedger.solLedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.solVault.solVaultCrossChainManagerUpgradeable.solVaultManager.sol
Audit ResultsSummary

Function: frozenBalance(AccountTypes.Account account, uint64 withdrawNonce, byte[32] tokenHash, uint128 amount)

This allows the freezing of a given amount of a given token for a given account.

Inputs

  • account

    • Control: Fully controllable by calling function.

    • Constraints: None.

    • Impact: The account whose balance is to be frozen.

  • withdrawNonce

    • Control: Fully controllable by calling function.

    • Constraints: None.

    • Impact: The nonce of the withdrawal.

  • tokenHash

    • Control: Fully controllable by calling function.

    • Constraints: None.

    • Impact: The token whose balance is to be frozen.

  • amount

    • Control: Fully controllable by calling function.

    • Constraints: None.

    • Impact: The amount by which the balance is to be frozen.

Branches and code coverage

Intended branches

  • Account balance is decreased by the amount.

  • Account total frozen balance is increased by the amount.

  • Account frozen balance for the given withdrawNonce is set to the amount.

  • Account last withdraw nonce is set to the given withdrawNonce.

Negative behavior

  • Should not allow calling this function if the previous withdraw nonce has not been finished. Currently, this is not checked.

  • Should not allow freezing balance if there is already frozen balance for the given withdraw nonce. Currently, this is not checked at this level.

  • Should not allow freezing balance if the withdraw nonce is not greater than the last withdraw nonce. Currently, this is not checked at this level but at the calling function level.

Zellic © 2024Back to top ↑