Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Prisma Finance>Threat Models>executeProposal
GeneralOverview
Findings
Critical (1)
Low (1)
Informational (2)
DiscussionInaccurate require stringInconsistent update of `lastDefaultInterestUpdate`Unused codeDiscrepancy between interface and implementationMissing test suite
Threat ModelsWhat are threat models?
AdminVoting.solcreateNewProposalexecuteProposalvoteForProposal
AllocationVesting.solBorrowerOperations.solConvexDepositToken.solDebtToken.solFactory.solIncentiveVoting.solLiquidationManager.solPriceFeed.solPrismaToken.solSortedTroves.solStabilityPool.solTokenLocker.solTreasury.solTroveManager.sol
Audit ResultsSummary
AppendixAppendix

Function: executeProposal(uint256 id)

Execute a proposal's payload.

Inputs

  • id

    • Control: Controlled by the user.

    • Constraints: Should be a valid exist ID.

    • Impact: The ID of the proposal that would be executed.

Branches and code coverage (including function calls)

Intended branches

  • Successfully execute a proposal.

Negative behavior

  • Revert due to invalid proposal ID.

  • Revert due to insufficient votes.

  • Revert due to the proposal that has already been processed.

Function call analysis

  • executeProposal -> payload[i].target.functionCall(payload[i].data)

    • What is controllable? The target and data fields of each action in the payload.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? If this call reverts, the execution of the proposal would fail and all state changes would be reverted. It could potentially cause reentrancy if the called function calls back into the executeProposal function, but there is no security issue here.

Zellic © 2025Back to top ↑