
Function: exitToToken(ExitQuoteData quoteData, address recipient)

Allows users to exit from lovToken investing and receive an approved ERC-20 token in exchange.

Inputs

  • quoteData.investmentTokenAmount

    • Constraints: Cannot be zero, and the caller must own a sufficient amount.

    • Impact: The amount of lovTokens to sell. Tokens will be transferred from the caller to the manager contract. At the end of the transaction, tokens will be burned from the manager account.

  • quoteData.toToken

    • Constraints: The manager._redeemFromReserves() function verifies that toToken is equal to either the depositAsset or the _reserveToken; otherwise, the transaction will revert.

    • Impact: The recipient will receive these tokens in return — toToken should be an accepted ERC-20 token.

  • quoteData.maxSlippageBps

    • Constraints: Is not used and is not validated.

    • Impact: The maximum allowed slippage of the expectedToTokenAmount.

  • quoteData.deadline

    • Constraints: Is not used and is not validated.

    • Impact: N/A.

  • quoteData.expectedToTokenAmount

    • Constraints: Is not used and is not validated.

    • Impact: N/A.

  • quoteData.minToTokenAmount

    • Constraints: There is a check inside _manager.exitToToken(msg.sender, quoteData, recipient) that toTokenAmount is not less than quoteData.minToTokenAmount.

    • Impact: The minimum amount of toToken to receive.

  • quoteData.underlyingInvestmentQuoteData

    • Constraints: Is not used and is not validated.

    • Impact: N/A.

  • recipient

    • Constraints: Cannot be zero address.

    • Impact: The receiver of the toToken.

Branches and code coverage

Intended branches

  • recipient receives expected amount of toToken.

  • The caller spent investmentTokenAmount of lovTokens.

Negative behavior

  • The caller does not have enough lovTokens.

  • The toTokenAmount is less than minToTokenAmount.

  • toToken is not supported.

  • recipient is zero address.

  • quoteData.investmentTokenAmount is zero.

Function call analysis

  • _manager.exitToToken(msg.sender, quoteData, recipient)

    • What is controllable? quoteData and recipient.

    • If the return value is controllable, how is it used and how can it go wrong? If lovTokenToBurn is less than investmentTokenAmount, some of the lovTokens will not be burned; conversely, if lovTokenToBurn is more than investmentTokenAmount, more lovTokens will be burned.

    • What happens if it reverts, reenters or does other unusual control flow? Can revert if toTokenAmount is less than minToTokenAmount or if toToken is not supported.
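
The following off-chain model is an added example, not Origami's contract code or part of the original report. It applies only the constraints listed above and shows that a quote with a stale deadline and a zero minToTokenAmount still passes them. The check order, the preflight helper, the slippage-floor formula, and the sample values are assumptions.

```python
from dataclasses import dataclass

ZERO_ADDRESS = "0x" + "00" * 20
BPS = 10_000

class Revert(Exception):
    """Stands in for an on-chain revert."""

@dataclass
class ExitQuoteData:  # field names as listed under Inputs (underlying quote data omitted)
    investmentTokenAmount: int
    toToken: str
    maxSlippageBps: int
    deadline: int
    expectedToTokenAmount: int
    minToTokenAmount: int

def exit_to_token(q, recipient, caller_balance, accepted, to_token_amount):
    """Apply only the constraints the section documents; check order is assumed.
    to_token_amount is the payout supplied to this model. Returns the amount sent."""
    if q.investmentTokenAmount == 0:
        raise Revert("investmentTokenAmount is zero")
    if recipient == ZERO_ADDRESS:
        raise Revert("recipient is zero address")
    if caller_balance < q.investmentTokenAmount:
        raise Revert("caller does not have enough lovTokens")
    if q.toToken not in accepted:
        raise Revert("toToken is not supported")
    if to_token_amount < q.minToTokenAmount:
        raise Revert("toTokenAmount is less than minToTokenAmount")
    # deadline, maxSlippageBps and expectedToTokenAmount are never read.
    return to_token_amount

def preflight(q, now):
    """Hypothetical caller-side warnings for the fields marked as not validated."""
    warnings = []
    if q.deadline < now:
        warnings.append("deadline already passed")
    # Assumed convention: floor = expected amount reduced by maxSlippageBps.
    floor = q.expectedToTokenAmount * (BPS - q.maxSlippageBps) // BPS
    if q.minToTokenAmount < floor:
        warnings.append("minToTokenAmount below slippage floor")
    return warnings

# Constructed sample: stale deadline, 0.5% slippage requested, zero minimum.
SAMPLE = ExitQuoteData(100, "depositAsset", 50, 1_000, 2_000, 0)
ACCEPTED = {"depositAsset", "_reserveToken"}
```

Because minToTokenAmount is the only output bound listed as checked, a caller who wants the slippage and deadline semantics has to apply them before submitting the quote.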

Zellic © 2025