Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Prisma Finance>Threat Models>batchClaimRewards
GeneralOverview
Findings
Critical (1)
Low (1)
Informational (2)
DiscussionInaccurate require stringInconsistent update of `lastDefaultInterestUpdate`Unused codeDiscrepancy between interface and implementationMissing test suite
Threat ModelsWhat are threat models?AdminVoting.solAllocationVesting.solBorrowerOperations.solConvexDepositToken.solDebtToken.solFactory.solIncentiveVoting.solLiquidationManager.solPriceFeed.solPrismaToken.solSortedTroves.solStabilityPool.solTokenLocker.sol
Treasury.solbatchClaimRewardssetBoostDelegationParamstransferAllocatedTokens
TroveManager.sol
Audit ResultsSummary
AppendixAppendix

Function: batchClaimRewards(address receiver, address boostDelegate, IRewards[] rewardContracts)

Claim earned tokens from multiple reward contracts.

Inputs

  • receiver

    • Control: Controlled by the user.

    • Constraints: N/A.

    • Impact: Address to transfer tokens to.

  • boostDelegate

    • Control: Controlled by the user.

    • Constraints: N/A.

    • Impact: Address to delegate boost from during this claim.

  • rewardContracts

    • Control: Controlled by the user.

    • Constraints: N/A.

    • Impact: Array of addresses of registered receiver contracts where the caller has pending rewards to claim.

Branches and code coverage (including function calls)

Intended branches

  • Successfully claim tokens.

Negative behavior

  • Reentrancy test.

Function call analysis

  • batchClaimRewards -> rewardContracts[i].treasuryClaimReward(msg.sender, receiver)

    • What is controllable? receiver.

    • If return value controllable, how is it used and how can it go wrong? If return value is controllable, the amount to be claimed will be controlled.

    • What happens if it reverts, reenters, or does other unusual control flow? When it reenters, it would not have a security issue since pendingRewardFor[msg.sender] = 0; has been done.

Zellic © 2025Back to top ↑