Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Perennial>Threat Model>invoke
GeneralOverview
Findings
Critical (1)
High (1)
Medium (1)
Low (2)
DiscussionUnnecessary storage assignments in `MappingStorageLib` waste gasIncorrect documentation in Vault `Mapping`Market user interface may be misleadingMissing fee claim mechanismUndercollateralized positions possible
Threat ModelWhat are threat models?Market.solMarketFactory.sol
MultiInvoker.sol_update_vaultUpdateinvoke
Oracle.solOracleFactory.solVault.solVaultFactory.sol
Audit ResultsSummary
AppendixVault inflation POC codeNegative Liquidation PoC codeMultiInvoker drain POC code

Function: invoke(Invocation[] Invocation[])

Performs invocations in order.

Inputs

  • invocations

    • Control: Arbitrary.

    • Constraints: Depends on invocation.action.

    • Impact: Depends on invocation.action. Calls _update, _vaultUpdate, _placeOrder, _cancelOrder, _executeOrder, _commitPrice, _liquidate, _approve, or USDC.pullTo from the sender.

Function call analysis

For all of the following function calls:

  • invoke -> _update(market, newMaker, newLong, newShort, collateral, wrap)

  • invoke -> _vaultUpdate(vault, depositAssets, redeemShares, claimAssets, wrap)

  • invoke -> _placeOrder(msg.sender, market, order)

  • invoke -> _cancelOrder(msg.sender, market, nonce)

  • invoke -> _executeOrder(account, market, nonce)

  • invoke -> _commitPrice(oracleProvider, value, index, version, data, revertOnFailure)

  • invoke -> _liquidate(IMarket(market), account)

  • invoke -> _approve(target)

We have:

  • invoke -> ...

    • What is controllable? All arguments.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? Reverts bubble up; reentrancy is okay due to lack of unexpected state.

And for the USDC call:

  • invoke -> USDC.pullTo(msg.sender, to, amount)

    • What is controllable? Destination address and amount.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? USDC won't reenter. Even if USDC updates in the future allow some amount of attacker-controlled reentrancy, there is no impact.

Zellic © 2025Back to top ↑