
Function: withdraw(uint256 amount, address recipient)

Withdraws from the Aave pool.

Inputs

  • amount

    • Control: Full.

    • Constraints: None.

    • Impact: Amount to withdraw.

  • recipient

    • Control: Full.

    • Constraints: None.

    • Impact: Recipient.

Branches and code coverage

Intended branches

  • Withdraws from lending pool.

Negative behavior

  • Verifies zero amount.

Function call analysis

  • this.availableToWithdraw() -> this.aToken.balanceOf(address(this))

    • What is controllable? Nothing.

    • If the return value is controllable, how is it used and how can it go wrong? Amount of aTokens.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.availableToWithdraw() -> this.asset.balanceOf(address(this.aToken))

    • What is controllable? Nothing.

    • If the return value is controllable, how is it used and how can it go wrong? Amount of reserve in Aave lending pool.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.lendingPool.withdraw(address(this.asset), amount, recipient)

    • What is controllable? amount and recipient.

    • If the return value is controllable, how is it used and how can it go wrong? Amount to withdraw from lending pool.

    • What happens if it reverts, reenters or does other unusual control flow? Can revert if the pool doesn't have enough funds to withdraw.

Zellic © 2025