Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Prisma Finance>Threat Models>claimReward
GeneralOverview
Findings
Critical (1)
Low (1)
Informational (2)
DiscussionInaccurate require stringInconsistent update of `lastDefaultInterestUpdate`Unused codeDiscrepancy between interface and implementationMissing test suite
Threat ModelsWhat are threat models?AdminVoting.solAllocationVesting.solBorrowerOperations.solConvexDepositToken.solDebtToken.solFactory.solIncentiveVoting.solLiquidationManager.solPriceFeed.solPrismaToken.solSortedTroves.solStabilityPool.solTokenLocker.solTreasury.sol
TroveManager.solclaimCollateralclaimRewardgetCurrentICRgetEntireDebtAndCollgetPendingCollAndDebtRewardsgetTCRredeemCollateral
Audit ResultsSummary
AppendixAppendix

Function: claimReward(address receiver)

This function is used by users to claim their rewards.

Inputs

  • receiver

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The receiver of the rewards.

Branches and code coverage (including function calls)

Intended branches

  • The function internally calls _claimReward, which will accrue the debt and mint rewards.

Function call analysis

  • treasury.transferAllocatedTokens(msg.sender, receiver, amount)

    • What is controllable? msg.sender and receiver.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

Zellic © 2025Back to top ↑