Assessment reportsPublic findings
Back to Zellic site
Assessment reports>RabbitX>Informational findings>Redundant code
GeneralOverview
Findings
Low (2)
Informational (1)Redundant code
DiscussionOwner of the contract cannot be changedCentralization risk
Threat ModelWhat are threat models?Bfx.solBfxDeposit.solBfxVault.solPoolDeposit.solRabbit.sol
Audit ResultsSummary
Category: Code Maturity

Redundant code

Informational Severity
Informational Impact
N/A Likelihood

Description

The BfxVault and Rabbit contracts have the feature to manage the roles of users (admin, trader, treasurer). However, this feature is not used in these contracts.

Also, BfxDeposit and PoolDeposit contracts have this line of code unaffecting the behavior of the protocol:

function pooledDeposit(Contribution[] calldata contributions) external {
    // ...
    uint256 totalAmount = 0;
    // ...
    for (uint i = 0; i < contributions.length; i++) {
        // ...
        totalAmount += contribAmount;
        // ...
        require(totalAmount >= contribAmount, "INTEGRITY_OVERFLOW_ERROR");
        // ...
    }
    // ...
}

Starting with the Solidity version 0.8.x, the compiler performs an arithmethic overflow check in default; thus, the require statement is unnecessary.

Impact

The unused code does not have any impact on the behavior of the protocol.

Recommendations

Consider removing the unused code.

Remediation

Blast Futures stated that they believe that the risk of this issue is negligible considering the cost of redeployment.

Zellic © 2025Back to top ↑