Assessment reports>Prisma Finance>Threat Models>permit

Function: permit(address owner, address spender, uint256 amount, uint256 deadline, uint8 v, byte[32] r, byte[32] s)

The permit function allows the owner of tokens to approve a spender to transfer a certain amount until a deadline, using a signature.

Inputs

  • owner

    • Control: Controlled by the user.

    • Constraints: N/A.

    • Impact: Specifies the address from which the tokens will be deducted.

  • spender

    • Control: Controlled by the user.

    • Constraints: N/A.

    • Impact: Specifies the address that will be granted the allowance to spend tokens on behalf of the owner.

  • amount

    • Control: Controlled by the user.

    • Constraints: Must be less than or equal to the owner's balance.

    • Impact: Specifies the amount of tokens the spender will be allowed to spend.

  • deadline

    • Control: Controlled by the user.

    • Constraints: Must be a future timestamp.

    • Impact: Specifies the time until which the permit message is valid. After this time, the message will not be accepted.

  • v

    • Control: Generated as part of the signature of the off-chain permit message.

    • Constraints: Must be a valid part of an ECDSA signature (27 or 28).

    • Impact: Part of the signature for the permit message.

  • r

    • Control: Generated as part of the signature of the off-chain permit message.

    • Constraints: Must be a valid part of an ECDSA signature.

    • Impact: Part of the signature for the permit message.

  • s

    • Control: Generated as part of the signature of the off-chain permit message.

    • Constraints: Must be a valid part of an ECDSA signature.

    • Impact: Part of the signature for the permit message.

Branches and code coverage (including function calls)

Intended branches

  • Successful permit call.

Negative behavior

  • Revert due to expired deadline.

  • Revert due to invalid owner signature.

  • Fail to do replay attack.

Zellic © 2025Back to top ↑