Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Orderly Network>Threat Model>addBalance
GeneralOverview
Findings
Critical (1)
High (4)
Medium (3)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?AccountTypeHelper.solAccountTypePositionHelper.solCrossChainRelayUpgradeable.solFeeManager.solLedger.solLedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.solVault.solVaultCrossChainManagerUpgradeable.sol
VaultManager.soladdBalancefinishFrozenBalancefrozenBalancesetAllowedBrokersetAllowedChainTokensetAllowedSymbolsetAllowedTokensetMaxWithdrawFeesubBalance
Audit ResultsSummary

Function: addBalance(byte[32] _tokenHash, uint256 _chainId, uint128 _deltaBalance)

The function is triggered after cross-chain message receiving. It allows to count all deposit funds in all trusted chains.

Inputs

  • _tokenHash

    • Control: Actually controlled sender of cross-chain messages, because Ledger contract just passes the data from onlyCrossChainManager.

    • Constraints: There is a check that _tokenHash is allowed in the Ledger contract.

    • Impact: The deposited token.

  • _chainId

    • Control: Not controlled.

    • Constraints: There is no checks. But the Vault contract used does not control the _chainId — the ID of the main chain is used.

    • Impact: The ID of the chain where user performed deposit action.

  • _deltaBalance

    • Control: The value is controlled by the user who performed the deposit action. And Vault in the source chain checks that the user transferred this amount of tokens to the Vault.

    • Constraints: There are not any checks in destination chain.

    • Impact: The amount of deposited tokens.

Zellic © 2024Back to top ↑