Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Origami Finance>Threat Model>recoverToken
GeneralOverview
Findings
Low (3)
DiscussionPossible share-price inflationLack of validationExemplary codebasePotential price arbitrage
Threat ModelWhat are threat models?LinearWithKinkInterestRateModel.solMintableToken.solOrigamiAaveV3IdleStrategy.solOrigamiAbstractLovTokenManager.solOrigamiCircuitBreakerAllUsersPerPeriod.solOrigamiCircuitBreakerProxy.solOrigamiCrossRateOracle.solOrigamiDebtToken.solOrigamiElevatedAccessBase.solOrigamiIdleStrategyManager.solOrigamiInvestmentVault.solOrigamiLendingClerk.solOrigamiLendingRewardsMinter.solOrigamiLendingSupplyManager.solOrigamiLovToken.solOrigamiLovTokenErc4626Manager.solOrigamiOToken.sol
RepricingToken.soladdPendingReservescheckpointReservesrecoverToken
TokenPrices.sol
Audit ResultsSummary

Function: recoverToken(address _token, address _to, uint256 _amount)

Allows the caller who has access to the function to transfer any tokens from the contract balance without restrictions in case token is not reserveToken; otherwise, only the surplus reserves can be recovered.

Inputs

  • token

    • Constraints: No constraints.

    • Impact: The address of the token that will be transferred — can be reserveToken contract address.

  • to

    • Constraints: Not zero address.

    • Impact: The receiver of tokens.

  • amount

    • Constraints: The contract should have enough amount of tokens — if token is reserveToken, no more than surplus reserves.

    • Impact: The number of tokens will be transferred from the contract.

Branches and code coverage

Intended branches

  • Tokens are recovered properly.

Negative behavior

  • Non-whitelisted caller

  • Exceed the limit if _token is reserveToken.

Zellic © 2025Back to top ↑