Assessment reports>Prisma Finance>Threat Models>withdraw

Function: withdraw(address receiver, uint256 amount)

Withdraw a specified amount of tokens to a receiver address.

Inputs

  • receiver

    • Control: Controlled by the user.

    • Constraints: Cannot be the zero address.

    • Impact: The address that will receive the amount of tokens withdrawn.

  • amount

    • Control: Controlled by the user.

    • Constraints: Must be a positive integer.

    • Impact: The number of tokens to be transferred from the contract to the receiver.

Branches and code coverage (including function calls)

Intended branches

  • Successful withdrawal with rewards claimed.

  • Successful withdrawal without rewards claimed.

Negative behavior

  • Insufficient balance.

  • Transfer to zero address.

Function call analysis

  • withdraw -> crvRewards.withdrawAndUnwrap(amount, claimRewards)

    • What is controllable? amount.

    • If return value controllable, how is it used and how can it go wrong? There is no return value used in this case.

    • What happens if it reverts, reenters, or does other unusual control flow? If the function reverts, the whole transaction will revert and no tokens will be withdrawn. This call is not vulnerable to reentrancy as it does not directly depend on the state of the contract.

  • withdraw -> lpToken.transfer(receiver, amount)

    • What is controllable? receiver and amount.

    • If return value controllable, how is it used and how can it go wrong? There is no return value used in this case.

    • What happens if it reverts, reenters, or does other unusual control flow? If this call reverts, the whole transaction will revert.

  • withdraw -> _updateIntegrals(msg.sender, balance, supply)

    • What is controllable? balance.

    • If return value controllable, how is it used and how can it go wrong? There is no return value used in this case.

    • What happens if it reverts, reenters, or does other unusual control flow? If this call reverts, the whole transaction will revert.

Zellic © 2025Back to top ↑