Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Prisma Finance>Threat Models>openTrove
GeneralOverview
Findings
Critical (1)
Low (1)
Informational (2)
DiscussionInaccurate require stringInconsistent update of `lastDefaultInterestUpdate`Unused codeDiscrepancy between interface and implementationMissing test suite
Threat ModelsWhat are threat models?AdminVoting.solAllocationVesting.sol
BorrowerOperations.sol_adjustTrovecloseTroveopenTrove
ConvexDepositToken.solDebtToken.solFactory.solIncentiveVoting.solLiquidationManager.solPriceFeed.solPrismaToken.solSortedTroves.solStabilityPool.solTokenLocker.solTreasury.solTroveManager.sol
Audit ResultsSummary
AppendixAppendix

Function: openTrove(IERC20 collateralToken, address account, uint256 _maxFeePercentage, uint256 _collateralAmount, uint256 _debtAmount, address _upperHint, address _lowerHint)

The function is used to open a new trove.

Inputs

  • collateralToken

    • Control: Fully controlled.

    • Constraints: Should be one of the accepted collaterals.

    • Impact: The collateral to be provided to the system.

  • account

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: Address of the borrower.

  • _maxFeePercentage

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The maximum fee the user is willing to accept.

  • _collateralAmount

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The amount of collateral provided by the borrower.

  • _debtAmount

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The amount of debt tokens requested by the borrower.

  • _upperHint

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The prevId of the two adjacent nodes in the linked list that are (or would become) the neighbors of the given trove.

  • _lowerHint

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The nextId of the two adjacent nodes in the linked list that are (or would become) the neighbors of the given trove.

Branches and code coverage (including function calls)

Intended branches

  • If the system is in recovery mode, the borrowing fee should be neglected.

  • If the system is in recovery mode, the ICR should be above CCR.

  • If the system is not in recovery mode, the ICR should be above MCR.

  • If the system is not in recovery mode, the newTCR after the trove change should be above CCR.

Negative behavior

  • The function should revert if netDebt is less than the minimum debt required to open the trove.

  • The function should revert if collateral transfer fails.

  • The function should revert if collateral is sunsetting.

  • The function should revert if collateral debt limit is reached.

Function call analysis

  • troveManager.openTrove(account,_collateralAmount,vars.compositeDebt,vars.NICR,_upperHint,_lowerHint)

  • What is controllable? account , _collateralAmount , _upperHint, and _lowerHint.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? The entire function would revert if the external call reverts --- no reentrancy scenarios.

  • collateralToken.transferFrom(msg.sender, address(troveManager), _collateralAmount)

  • What is controllable? msg.sender and _collateralAmount.

    • If return value controllable, how is it used and how can it go wrong? Return value is not controllable.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

Zellic © 2025Back to top ↑