Assessment reports>Prisma Finance>Threat Models>deposit

Function: deposit(address receiver, uint256 amount)

Allow the user to deposit a specified amount of LP tokens to the contract.

Inputs

  • receiver

    • Control: Controlled by the user.

    • Constraints: N/A.

    • Impact: The address whose balance will be increased by the deposited amount.

  • amount

    • Control: Controlled by the user.

    • Constraints: Must be a positive integer. The caller must have enough LP tokens to transfer.

    • Impact: Specifies the number of LP tokens to deposit into the contract.

Branches and code coverage (including function calls)

Intended branches

  • Successful deposit.

Negative behavior

  • Zero deposit.

  • Insufficient balance.

Function call analysis

  • deposit -> lpToken.transferFrom(msg.sender, address(this), amount)

    • What is controllable? The amount of tokens to be transferred is controllable by the user.

    • If return value controllable, how is it used and how can it go wrong? No return value is checked.

    • What happens if it reverts, reenters, or does other unusual control flow? The entire deposit function will revert if the transfer reverts.

  • deposit -> booster.deposit(depositPid, amount, true)

    • What is controllable? The amount of tokens to be deposited into the booster contract is controllable by the user.

    • If return value controllable, how is it used and how can it go wrong? No return value is checked.

    • What happens if it reverts, reenters, or does other unusual control flow? The entire deposit function will revert if the booster.deposit call reverts.

Zellic © 2025Back to top ↑