Assessment reports>Ostium>Threat Model>withdraw

Function: withdraw(uint256 assets, address receiver, address owner)

Withdraws assets from the vault by burning shares corresponding to the value.

Inputs

  • assets

    • Control: Arbitrary.

    • Constraints: Must be less than max withdraw for the owner, which accounts for withdrawal requests.

    • Impact: Amount of assets to withdraw.

  • receiver

    • Control: Arbitrary.

    • Constraints: None.

    • Impact: Receiver of the assets.

  • owner

    • Control: Arbitrary.

    • Constraints: If not sender, allowance must be present and spent.

    • Impact: Owner of the shares to be redeemed.

Branches and code coverage

Intended branches

  • Withdrawal succeeds for sender owner.

  • Withdrawal succeeds for nonsender owner with allowance.

Negative behavior

  • Withdrawal fails due to max withdrawal.

  • Withdrawal fails due to allowance.

  • Withdrawal fails due to undercollateralization.

Function call analysis

  • this._withdraw(this._msgSender(), receiver, owner, assets, shares) -> SafeERC20Upgradeable.safeTransfer(this._asset, receiver, assets)

    • What is controllable? Quantity of assets.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? Tail call, so reentrancy due to an ERC-20 hook is safe.

Zellic © 2024Back to top ↑