Assessment reports>Origami Finance>Threat Model>withdraw

Function: withdraw(uint256 amount, address recipient)

Withdraw funds from an idle strategy, accounting for the buffer to avoid small withdraw.

Inputs

  • amount

    • Control: None, lendingClerk only.

    • Constraints: != 0.

    • Impact: Amount to withdraw.

  • recipient

    • Control: Full.

    • Constraints: != 0.

    • Impact: Recipient.

Branches and code coverage

Intended branches

  • Funds are withdrawn from the idle strategy.

Negative behavior

  • Revert if not enough balance is withdrawn.

  • != 0 checks are respected.

Function call analysis

  • this.asset.balanceOf(address(this))

    • What is controllable? Nothing.

    • If the return value is controllable, how is it used and how can it go wrong? Prewithdrawal balance.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • _idleStrategy.withdraw(withdrawnFromIdleStrategy, address(this))

    • What is controllable? Nothing.

    • If the return value is controllable, how is it used and how can it go wrong? Amount pulled out.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • SafeERC20.safeTransfer(this.asset, recipient, amount)

    • What is controllable? recipient.

    • If the return value is controllable, how is it used and how can it go wrong? Nothing.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑