Assessment reports>Prisma Finance>Threat Models>closeTrove

Function: closeTrove(IERC20 collateralToken, address account)

The function can be used by a user (or a delegated address) to close their trove.

Inputs

  • collateralToken

    • Control: Fully controlled.

    • Constraints: Should be one of the accepted collaterals.

    • Impact: The collateral to be provided to the system.

  • account

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: Either the caller or the delegated caller.

Branches and code coverage (including function calls)

Intended branches

  • Should apply pending rewards before closing the trove.

  • Burn the repaid debt from the user's balance and the gas compensation from the gas pool.

Negative behavior

  • Revert if system is in recovery mode.

  • Revert if total system ICR comes below CCR after the trove is closed.

Function call analysis

  • troveManager.applyPendingRewards(account)

    • What is controllable? account.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? The entire function would revert if the external call reverts --- no reentrancy scenarios.

  • troveManager.closeTrove(account, coll, debt)

    • What is controllable? account.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? The entire function would revert if the external call reverts --- no reentrancy scenarios.

  • debtToken.burnWithGasCompensation(msg.sender, debt - DEBT_GAS_COMPENSATION)

    • What is controllable? msg.sender.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? The entire function would revert if the external call reverts --- no reentrancy scenarios.

Zellic © 2025Back to top ↑