Assessment reports>Perennial>Threat Model>invoke

Function: invoke(Invocation[] Invocation[])

Performs invocations in order.

Inputs

  • invocations

    • Control: Arbitrary.

    • Constraints: Depends on invocation.action.

    • Impact: Depends on invocation.action. Calls _update, _vaultUpdate, _placeOrder, _cancelOrder, _executeOrder, _commitPrice, _liquidate, _approve, or USDC.pullTo from the sender.

Function call analysis

For all of the following function calls:

  • invoke -> _update(market, newMaker, newLong, newShort, collateral, wrap)

  • invoke -> _vaultUpdate(vault, depositAssets, redeemShares, claimAssets, wrap)

  • invoke -> _placeOrder(msg.sender, market, order)

  • invoke -> _cancelOrder(msg.sender, market, nonce)

  • invoke -> _executeOrder(account, market, nonce)

  • invoke -> _commitPrice(oracleProvider, value, index, version, data, revertOnFailure)

  • invoke -> _liquidate(IMarket(market), account)

  • invoke -> _approve(target)

We have:

  • invoke -> ...

    • What is controllable? All arguments.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? Reverts bubble up; reentrancy is okay due to lack of unexpected state.

And for the USDC call:

  • invoke -> USDC.pullTo(msg.sender, to, amount)

    • What is controllable? Destination address and amount.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? USDC won't reenter. Even if USDC updates in the future allow some amount of attacker-controlled reentrancy, there is no impact.

Zellic © 2025Back to top ↑