Assessment reports>Origami Finance>Threat Model>exitToToken

Function: exitToToken(address account, IOrigamiInvestment.ExitQuoteData quoteData, address recipient)

This function is called by the oToken contract when user exits from oToken.

Inputs

  • account

    • Constraints: No constraints.

    • Impact: The account that initiates the exit process.

  • quoteData.toToken

    • Constraints: Verify that toToken is equal to the asset address.

    • Impact: The tokens that account expects to receive as a result of the exit process.

  • quoteData.investmentTokenAmount

    • Constraints: The new Utilisation should not exceed the cap.

    • Impact: The shares amount to exit.

  • recipient

    • Constraints: No constraints.

    • Impact: Receiver of asset tokens.

Branches and code coverage

Intended branches

  • The exitToToken was executed properly

Negative behavior

  • quoteData.investmentTokenAmount exceeds the cap.

  • The caller is not oToken.

  • quoteData.toToken is not asset.

  • _paused.exitsPaused is true.

Function call analysis

  • this.circuitBreakerProxy.preCheck(address(this.oToken), account, quoteData.investmentTokenAmount)

    • What is controllable? quoteData.investmentTokenAmount.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? Will revert if the new Utilisation exceeds the current capacity.

  • this.lendingClerk.withdraw(toTokenAmount, recipient)

    • What is controllable? toTokenAmount and recipient.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? The function will revert if toTokenAmount is more than the available debt tokens (not borrowed).

Zellic © 2025Back to top ↑