Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Orderly Network>Threat Model>setAllowedChainToken
GeneralOverview
Findings
Critical (1)
High (3)
Medium (4)
Informational (1)
DiscussionAdditional checksOverall issues with some functionsThe `changeFeeCollector` does not revertThe `tokenHash` is not a hash from `tokenAddress`
Threat ModelWhat are threat models?AccountTypeHelper.solAccountTypePositionHelper.solCrossChainRelayUpgradeable.solFeeManager.solLedger.solLedgerComponent.solLedgerCrossChainManagerUpgradeable.solMarketManager.solOperatorManager.solOperatorManagerComponent.solSignature.solVault.solVaultCrossChainManagerUpgradeable.sol
VaultManager.soladdBalancefinishFrozenBalancefrozenBalancesetAllowedBrokersetAllowedChainTokensetAllowedSymbolsetAllowedTokensetMaxWithdrawFeesubBalance
Audit ResultsSummary

Function: setAllowedChainToken(byte[32] _tokenHash, uint256 _chainId, bool _allowed)

This allows owner of the contract to add the hash of allowed token in the _chainId.

Inputs

  • _tokenHash

    • Control: Full control by owner.

    • Constraints: N/A.

    • Impact: The hash of the token allowed to make a deposit.

  • _chainId

    • Control: Full control by owner.

    • Constraints: N/A.

    • Impact: The chainId from which the token is allowed.

  • _allowed

    • Control: Full control by owner.

    • Constraints: N/A.

    • Impact: If true, the token is allowed; if false, the token is prohibited from making deposits.

Branches and code coverage

Intended branches

  • New _tokenHash was added successfully.

  • The previously added _tokenHash was prohibited successfully.

Negative behavior

  • Zero hash.

  • The same hash already allowed.

  • Caller is not an owner.

Zellic © 2025Back to top ↑