Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Origami Finance>Threat Model>exitToToken
GeneralOverview
Findings
Low (3)
DiscussionPossible share-price inflationLack of validationExemplary codebasePotential price arbitrage
Threat ModelWhat are threat models?LinearWithKinkInterestRateModel.solMintableToken.solOrigamiAaveV3IdleStrategy.solOrigamiAbstractLovTokenManager.solOrigamiCircuitBreakerAllUsersPerPeriod.solOrigamiCircuitBreakerProxy.solOrigamiCrossRateOracle.solOrigamiDebtToken.solOrigamiElevatedAccessBase.solOrigamiIdleStrategyManager.solOrigamiInvestmentVault.solOrigamiLendingClerk.solOrigamiLendingRewardsMinter.solOrigamiLendingSupplyManager.sol
OrigamiLovToken.solcollectPerformanceFeesexitToNativeexitToTokeninvestWithNativeinvestWithToken
OrigamiLovTokenErc4626Manager.solOrigamiOToken.solRepricingToken.solTokenPrices.sol
Audit ResultsSummary

Function: exitToToken(ExitQuoteData quoteData, address recipient)

Allows users to exit from lovToken investing and receive an approved ERC-20 token in exchange.

Inputs

  • quoteData.investmentTokenAmount

    • Constraints: Cannot be zero, and the caller must own a sufficient amount.

    • Impact: The amount of lovTokens to sell. Tokens will be transferred from the caller to the manager contract. At the end of transactions, tokens will be burned from the manager account.

  • quoteData.toToken

    • Constraints: There is verification inside the manager._redeemFromReserves() function that toToken can be equal to the depositAsset or _reserveToken; otherwise, the transaction will revert.

    • Impact: The recipient will receive these tokens in return — toToken should be an accepted ERC-20 token.

  • quoteData.maxSlippageBps

    • Constraints: Is not used and is not validated.

    • Impact: The maximum allowed slippage of the expectedToTokenAmount.

  • quoteData.deadline

    • Constraints: Is not used and is not validated.

    • Impact: N/A.

  • quoteData.expectedToTokenAmount

    • Constraints: Is not used and is not validated.

    • Impact: N/A.

  • quoteData.minToTokenAmount

    • Constraints: There is a check inside _manager.exitToToken(msg.sender, quoteData, recipient) that toTokenAmount is not less than quoteData.minToTokenAmount.

    • Impact: The minimum amount of toToken to receive.

  • quoteData.underlyingInvestmentQuoteData

    • Constraints: Is not used and is not validated.

    • Impact: N/A.

  • recipient

    • Constraints: Cannot be zero address.

    • Impact: The receiver of the toToken.

Branches and code coverage

Intended branches

  • recipient receives expected amount of toToken.

  • The caller spent investmentTokenAmount of lovTokens.

Negative behavior

  • The caller does not have enough lovTokens.

  • The toTokenAmount is less than minToTokenAmount.

  • toToken is not supported.

  • recipient is zero address.

  • quoteData.investmentTokenAmount is zero.

Function call analysis

  • _manager.exitToToken(msg.sender, quoteData, recipient)

    • What is controllable? quoteData and recipient.

    • If the return value is controllable, how is it used and how can it go wrong? If lovTokenToBurn is less than investmentTokenAmount, part of lovTokens will not be burned; otherwise, if lovTokenToBurn is more than investmentTokenAmount, more lovTokens will be burned.

    • What happens if it reverts, reenters or does other unusual control flow? Can revert if toTokenAmount is less than minToTokenAmount or if toToken is not supported.

Zellic © 2025Back to top ↑