Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Penumbra>Threat Model>Action: Spend
GeneralOverview
Findings
Critical (5)
High (5)
Medium (3)
Low (2)
Informational (1)
DiscussionTOCTOU bugs in `ActionHandler`
Threat ModelWhat are threat models?
2-shielded-poolAction: Ics20WithdrawalAction: OutputAction: Spend
3-stake4-dex
Threat ModelThe value-balance mechanism
Audit ResultsSummary

Action: Spend

The Spend action allows a user to spend a note, adding to the transactions-value balance. The action contains the following fields.

  • body — the body of the spend, containing the balance commitment, nullifier, and randomized verification key

  • auth_sig — the signature to be verified by the randomized verification key

  • proof — a zero-knowledge proof to verify that the supplied balance commitment, nullifier, verification key, and transactions anchor are valid

Spend::check_stateless verifies the spend auth signature and that the supplied proof matches the public inputs.

Spend::check_stateful checks that the nullifier has not been used before (also see ref).

Spend::execute will add the supplied note payload into the state commitment tree and emit an event.

Zellic © 2025Back to top ↑