Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Prosper Omnichain Fungible Token>Threat Model>Function: executeBurn(address account)
GeneralOverview
Findings
Low (2)
DiscussionCentralization riskMissing upgrade test suitePossible gas optimization
Threat ModelWhat are threat models?
Token.solFunction: batchExecuteBurn(address[] calldata accounts)batchMintFunction: executeBurn(address account)Function: requestBurn(uint256 amount)sendswapTokenFunction: withdrawSwappables(address receiver)
Audit ResultsAssessment Results

Function: executeBurn(address account)

The function burns the tokens that were previously requested to be burned by the account address through the requestBurn function. The function can be executed only by the burner role.

Inputs

  • account

    • Control: The burnRequests mapping is checked to contain a burning request for this account.

    • Impact: The contract cannot burn tokens that were not requested to be burned.

Branches and code coverage (including function calls)

Intended branches

  • Tokens are burned according the previous burn request, and the request is successfully removed.

Negative behavior

  • The function reverts when the request was not previously performed.

  • The function reverts when the function is called by a non-burner role.

Function call analysis

  • executeBurn -> _burn(address(this), amount)

    • External/Internal? External.

    • Argument control? amount.

    • Impact: Burn the amount of tokens requested.

Zellic © 2025Back to top ↑