Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Prisma Finance>Threat Models>redeemCollateral
GeneralOverview
Findings
Critical (1)
Low (1)
Informational (2)
DiscussionInaccurate require stringInconsistent update of `lastDefaultInterestUpdate`Unused codeDiscrepancy between interface and implementationMissing test suite
Threat ModelsWhat are threat models?AdminVoting.solAllocationVesting.solBorrowerOperations.solConvexDepositToken.solDebtToken.solFactory.solIncentiveVoting.solLiquidationManager.solPriceFeed.solPrismaToken.solSortedTroves.solStabilityPool.solTokenLocker.solTreasury.sol
TroveManager.solclaimCollateralclaimRewardgetCurrentICRgetEntireDebtAndCollgetPendingCollAndDebtRewardsgetTCRredeemCollateral
Audit ResultsSummary
AppendixAppendix

Function: redeemCollateral(uint256 _debtAmount, address _firstRedemptionHint, address _upperPartialRedemptionHint, address _lowerPartialRedemptionHint, uint256 _partialRedemptionHintNICR, uint256 _maxIterations, uint256 _maxFeePercentage)

This is the function used to redeem the corresponding amount of collateral from as manytTroves as are needed to fill the redemption request.

Inputs

  • _debtAmount

    • Control: Fully controlled.

    • Constraints: Balance of caller should be greater than _debtAmount.

    • Impact: The debt amount to be sent to the system.

  • _firstRedemptionHint

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: Hints at the position of the first trove that will be redeemed from.

  • _upperPartialRedemptionHint

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: Hints at the prevId neighbor of the last redeemed trove upon reinsertion, if it is partially redeemed.

  • _lowerPartialRedemptionHint

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: Hints at the nextId neighbor of the last redeemed trove upon reinsertion, if it is partially redeemed.

  • _partialRedemptionHintNICR

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: Ensures that the transaction will not run out of gas if neither _lowerPartialRedemptionHint nor _upperPartialRedemptionHint are valid anymore.

  • _maxIterations

    • Control: Fully controlled.

    • Constraints: No constraints.

    • Impact: The number of troves redeemed from is capped by _maxIterations.

  • _maxFeePercentage

    • Control: Fully controlled.

    • Constraints: _maxFeePercentage >= redemptionFeeFloor && _maxFeePercentage <= maxRedemptionFee.

    • Impact: The borrower has to provide a _maxFeePercentage that they are willing to accept in case of a fee slippage.

Branches and code coverage (including function calls)

Intended branches

  • If the provided redemption hint is valid, set current borrower to the given first redemption hint.

  • If the provided redemption hint is invalid, find the first trove with ICR >= MCR.

  • If _maxIterations is set to a nonzero value, the loop is capped to the provided value.

  • If _maxIterations is set to 0, the value should be ignored.

  • The amount to be redeemed should be capped by the entire debt of the trove minus the liquidation reserve.

  • If the remaining debt is equal to DEBT_GAS_COMPENSATION, close the trove.

  • If partial redemption was cancelled (out-of-date hint or new net debt < minimum), do not redeem from the last trove and break out of the loop.

  • Collateral fee should be zero when sunsetting; otherwise, check if the user accepts the fee.

  • If the trove length becomes zero after redemptions, reset the state of the system.

Negative behavior

  • Revert if _maxFeePercentage is not in acceptable range.

  • Revert if collateral drawn is zero.

Function call analysis

  • debtToken.balanceOf(msg.sender)

    • What is controllable? msg.sender.

    • If return value controllable, how is it used and how can it go wrong? Return value is the balance of caller's debtToken.

    • What happens if it reverts, reenters, or does other unusual control flow? No reentrancy scenarios.

Zellic © 2025Back to top ↑