Function: invoke(Invocation[] Invocation[])
Performs invocations in order.
Inputs
invocations
Control: Arbitrary.
Constraints: Depends on
invocation.action
.Impact: Depends on
invocation.action
. Calls_update
,_vaultUpdate
,_placeOrder
,_cancelOrder
,_executeOrder
,_commitPrice
,_liquidate
,_approve
, orUSDC.pullTo
from the sender.
Function call analysis
For all of the following function calls:
invoke -> _update(market, newMaker, newLong, newShort, collateral, wrap)
invoke -> _vaultUpdate(vault, depositAssets, redeemShares, claimAssets, wrap)
invoke -> _placeOrder(msg.sender, market, order)
invoke -> _cancelOrder(msg.sender, market, nonce)
invoke -> _executeOrder(account, market, nonce)
invoke -> _commitPrice(oracleProvider, value, index, version, data, revertOnFailure)
invoke -> _liquidate(IMarket(market), account)
invoke -> _approve(target)
We have:
invoke -> ...
What is controllable? All arguments.
If return value controllable, how is it used and how can it go wrong? N/A.
What happens if it reverts, reenters, or does other unusual control flow? Reverts bubble up; reentrancy is okay due to lack of unexpected state.
And for the USDC call:
invoke -> USDC.pullTo(msg.sender, to, amount)
What is controllable? Destination address and amount.
If return value controllable, how is it used and how can it go wrong? N/A.
What happens if it reverts, reenters, or does other unusual control flow? USDC won't reenter. Even if USDC updates in the future allow some amount of attacker-controlled reentrancy, there is no impact.