Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Ostium>Threat Model>_executeDiscountAndLock
GeneralOverview
Findings
Critical (2)
High (3)
Medium (6)
Low (6)
Informational (2)
DiscussionRemoval of trading pairs is not supportedIncorrect last updated block number for TP and SLTradeUtils used as a library for address
Threat ModelWhat are threat models?Delegatable.solOstiumOpenPnl.solOstiumTrading.sol
OstiumVault.sol_executeDiscountAndLockcancelWithdrawRequestdepositdepositWithDiscountAndLockdistributeRewardmakeWithdrawRequestmintmintWithDiscountAndLockreceiveAssetsredeemtransfertransferFromtryNewOpenPnlRequestOrEpochtryResetDailyAccPnlDeltatryUpdateCurrentMaxSupplyunlockDepositwithdraw
Audit ResultsSummary

Function: _executeDiscountAndLock(uint256 assets, uint256 assetsDeposited, uint256 shares, uint32 lockDuration, address receiver)

Internal function called by both depositWithDiscountAndLock and mintWithDiscountAndLock to share logic.

Inputs

  • assets

    • Control: Amount of assets equal in value to the shares to mint.

    • Constraints: Must be less than assetsDeposited.

    • Impact: Used to calculate assetsDiscount.

  • assetsDeposited

    • Control: Must be calculated from lockDuration and the intended discount.

    • Constraints: None.

    • Impact: Amount of assets to actually transfer.

  • shares

    • Control: Must correspond to assets using current share price.

    • Constraints: None.

    • Impact: Amount of shares to mint.

  • lockDuration

    • Control: Arbitrary.

    • Constraints: Must cause nonzero discount.

    • Impact: Duration before NFT can be redeemed.

  • receiver

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Receiver of the NFT.

Function call analysis

  • The call to OstiumLockedDepositNft.mint can cause reentrancy due to the use of _safeMint, since receiver could be a user-controlled contract that implements IERC721Receiver.onERC721Received. However, except for the DepositLocked event, there is no logic after this call in either this function or its parent, which means the only possible negative effect is that off-chain actors watching the event may be confused about DepositLocked occurring after Transfer or whatnot.

Zellic © 2025Back to top ↑