Assessment reports>Prisma Finance>Threat Models>permit

Function: permit(address owner, address spender, uint256 amount, uint256 deadline, uint8 v, byte[32] r, byte[32] s)

Implementation of the ERC-20 permit allowing approvals to be made via signatures, as defined in EIP-2612.

Inputs

  • owner

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The address of the token owner who signed the message.

  • spender

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The address of the spender contract who can transfer tokens on behalf of the owner.

  • amount

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The maximum amount of tokens that can be transferred by the spender.

  • deadline

    • Control: Fully controlled.

    • Constraints: Should be greater than the current timestamp.

    • Impact: A timestamp after which the signature is invalid.

  • v

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The component of the EIP-712 signature that proves the owner’s consent.

  • r

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The component of the EIP-712 signature that proves the owner’s consent.

  • s

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The component of the EIP-712 signature that proves the owner’s consent.

Branches and code coverage (including function calls)

Intended branches

  • _approve is called with the expected recovered address.

Negative behavior

  • Revert if signature is invalid and the recovered address does not match the expected owner address.

Zellic © 2025Back to top ↑