Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Orderly Network>Threat Model>accountDeposit
GeneralOverview
Findings
Critical (1)
High (3)
Medium (4)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?AccountTypeHelper.solAccountTypePositionHelper.solCrossChainRelayUpgradeable.solFeeManager.sol
Ledger.solaccountDepositaccountWithDrawFinishexecuteAdlexecuteLiquidationexecuteProcessValidatedFuturesexecuteSettlementexecuteWithdrawActionsetCrossChainManagersetFeeManagersetMarketManagersetOperatorManagerAddresssetVaultManager
LedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.solVault.solVaultCrossChainManagerUpgradeable.solVaultManager.sol
Audit ResultsSummary

Function: accountDeposit(AccountTypes.AccountDeposit data)

The function is called as a result of cross-chain communication after a user deposits funds in another chain. The input data is an AccountDeposit object and contains the fields shown below:

  • bytes32 accountId — controlled by user, but there is a check that this accountId is related to the userAddress and brokerHash.

  • bytes32 brokerHash — controlled by user but can only be allowed broker.

  • address userAddress — is the receiver of funds. There is no check that the address is not zero here.

  • bytes32 tokenHash — controlled by user but can only be an allowed token from trusted srcChainId.

  • uint256 srcChainId; — source chain id.

  • uint128 tokenAmount — controlled by user, but the user should transfer this amount of tokens to Vault.

  • uint64 srcChainDepositNonce — calculated during deposit call. But it is not validated here.

Branches and code coverage

Intended branches

  • Check that accountId is calculated using these brokerHash and userAddress values.

  • Validate that srcChainDepositNonce is incremented since the previous deposit.

  • brokerHash is allowed.

  • tokenHash and srcChainId is allowed.

Negative behavior

  • userAddress is zero address.

  • tokenAmount is zero.

Function call analysis

  • vaultManager.getAllowedBroker

    • External/Internal? External.

    • Argument control? data.brokerHash.

    • Impact: Return true if brokerHash is allowed broker.

  • vaultManager.getAllowedChainToken(data.tokenHash, data.srcChainId)

    • External/Internal? External.

    • Argument control? All arguments are controlled by caller.

    • Impact: Return true if tokenHash from srcChainId is allowed.

  • Utils.validateAccountId(data.accountId, data.brokerHash, data.userAddress)

    • External/Internal? External.

    • Argument control? All arguments are controlled by caller.

    • Impact: Check that _userAddress and _brokerHash is related to the _accountId. Return true if keccak256(abi.encode(_userAddress, _brokerHash)) == _accountId

  • account.addBalance(data.tokenHash, data.tokenAmount);

    • External/Internal? Internal.

    • Argument control? All arguments are controlled by caller.

    • Impact: Increase the balance of tokenHash by tokenAmount for account related to userAddress.

  • vaultManager.addBalance(data.tokenHash, data.srcChainId, data.tokenAmount);

    • External/Internal? External.

    • Argument control? All arguments are controlled by caller.

    • Impact: Increase the balance of tokenHash from srcChainId by tokenAmount.

Zellic © 2025Back to top ↑