
Function: recoverToken(address _token, address _to, uint256 _amount)

Allows a caller with access to the function to transfer any token from the contract's balance without restriction when the token is not reserveToken. When the token is reserveToken, only the surplus reserves can be recovered.

Inputs

  • token

    • Constraints: No constraints.

    • Impact: The address of the token that will be transferred. It can be the reserveToken contract address.

  • to

    • Constraints: Not zero address.

    • Impact: The receiver of tokens.

  • amount

    • Constraints: The contract must hold at least this amount of the token. If the token is reserveToken, the amount can be no more than the surplus reserves.

    • Impact: The number of tokens that will be transferred from the contract.

Branches and code coverage

Intended branches

  • Tokens are recovered properly.

Negative behavior

  • Non-whitelisted caller

  • The amount exceeds the limit if _token is reserveToken.
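
A minimal Solidity sketch of the guard structure this entry describes, added here as an illustration and not taken from the audited contract. The `owner` check, the `trackedReserves` accounting, the `deposit` helper and the error names are assumptions standing in for the project's own access control and reserve bookkeeping.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Illustrative only: names other than recoverToken/reserveToken are hypothetical.
contract RecoverTokenSketch {
    address public immutable reserveToken;
    address public immutable owner;   // assumption: stands in for the real access control
    uint256 public trackedReserves;   // assumption: reserves the contract accounts for

    error Unauthorized();
    error ZeroAddress();
    error ExceedsSurplus(uint256 requested, uint256 surplus);
    error TransferFailed();

    constructor(address _reserveToken) {
        reserveToken = _reserveToken;
        owner = msg.sender;
    }

    // Hypothetical deposit path so that trackedReserves has a meaning.
    function deposit(uint256 _amount) external {
        trackedReserves += _amount;
        if (!IERC20(reserveToken).transferFrom(msg.sender, address(this), _amount)) revert TransferFailed();
    }

    function recoverToken(address _token, address _to, uint256 _amount) external {
        // Negative behavior: a caller without access is rejected.
        if (msg.sender != owner) revert Unauthorized();
        // Constraint on `to`: not the zero address.
        if (_to == address(0)) revert ZeroAddress();

        if (_token == reserveToken) {
            // Negative behavior: only the surplus above tracked reserves may leave.
            uint256 balance = IERC20(_token).balanceOf(address(this));
            uint256 surplus = balance > trackedReserves ? balance - trackedReserves : 0;
            if (_amount > surplus) revert ExceedsSurplus(_amount, surplus);
        }
        // Any other token: limited only by the contract's balance, enforced by the token itself.
        // Tokens that return no bool would need a safe-transfer wrapper instead of this check.
        if (!IERC20(_token).transfer(_to, _amount)) revert TransferFailed();
    }
}
```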

Zellic © 2025