Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Ostium>Threat Model>distributeReward
GeneralOverview
Findings
Critical (2)
High (3)
Medium (6)
Low (6)
Informational (2)
DiscussionRemoval of trading pairs is not supportedIncorrect last updated block number for TP and SLTradeUtils used as a library for address
Threat ModelWhat are threat models?Delegatable.solOstiumOpenPnl.solOstiumTrading.sol
OstiumVault.sol_executeDiscountAndLockcancelWithdrawRequestdepositdepositWithDiscountAndLockdistributeRewardmakeWithdrawRequestmintmintWithDiscountAndLockreceiveAssetsredeemtransfertransferFromtryNewOpenPnlRequestOrEpochtryResetDailyAccPnlDeltatryUpdateCurrentMaxSupplyunlockDepositwithdraw
Audit ResultsSummary

Function: distributeReward(uint256 assets)

Distribute a reward to the OstiumVault. Normally called by OstiumTradingCallbacks to distribute the liquidation fee, but it is also callable by anyone wishing to donate to the vault.

Inputs

  • assets

    • Control: Arbitrary.

    • Constraints: Transfer must succeed.

    • Impact: Amount of assets to distribute as rewards.

Branches and code coverage

Intended branches

  • Reward distribution succeeds.

Negative behavior

  • Reward distribution fails due to transfer failure.

Function call analysis

  • SafeERC20Upgradeable.safeTransferFrom(this._assetIERC20(), sender, address(this), assets)

    • What is controllable? Only assets.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? If the transfer fails, the call reverts. If there is reentrancy due to a future USDC upgrade that adds outgoing hooks, the state of the contract is the same and valid both before and after the transfer.

Zellic © 2025Back to top ↑