
Function: withdraw(uint256 id, address trader, uint256 amount, uint8 v, byte[32] r, byte[32] s)

This function withdraws the paymentToken, verifying the signature supplied as v, r, and s.

Inputs

  • id

    • Control: Completely controlled by the caller.

    • Constraints: The processedWithdrawals entry for the given id must not be true, and the id must be the signed id for the given signature.

    • Impact: The id to set as true in processedWithdrawals.

  • trader

    • Control: Completely controlled by the caller.

    • Constraints: This must be the signed trader for the given signature.

    • Impact: The address to send the paymentToken.

  • amount

    • Control: Completely controlled by the caller.

    • Constraints: This must be the signed amount for the given signature, and the value must be greater than zero.

    • Impact: The amount to transfer.

  • v

    • Control: Completely controlled by the caller.

    • Constraints: This must be part of a valid signature over the given id, trader, and amount.

    • Impact: A part of the signature to verify.

  • r

    • Control: Completely controlled by the caller.

    • Constraints: This must be part of a valid signature over the given id, trader, and amount.

    • Impact: A part of the signature to verify.

  • s

    • Control: Completely controlled by the caller.

    • Constraints: This must be part of a valid signature over the given id, trader, and amount.

    • Impact: A part of the signature to verify.

Branches and code coverage

Intended branches

  • Verify the given signature.

  • Send the paymentToken to the given trader.

Negative behavior

  • Revert when it fails to verify the signature.

  • Revert when the amount is not greater than zero.

  • Revert when the withdrawal for the given id has already been processed.
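The constraints and revert conditions listed above, written out as a minimal Solidity sketch. This is an added example, not the audited contract's code: the contract name, the single `signer` address, the digest layout, and the use of `bytes32` for r and s are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

interface IERC20 {
    function transfer(address to, uint256 value) external returns (bool);
}

// Illustrative sketch only; names other than withdraw, paymentToken and
// processedWithdrawals are hypothetical.
contract WithdrawSketch {
    IERC20 public immutable paymentToken;
    address public immutable signer; // assumed: one trusted off-chain signer
    mapping(uint256 => bool) public processedWithdrawals;

    constructor(IERC20 token, address signer_) {
        paymentToken = token;
        signer = signer_;
    }

    function withdraw(
        uint256 id, address trader, uint256 amount,
        uint8 v, bytes32 r, bytes32 s
    ) external {
        // Negative behavior: amount must be greater than zero.
        require(amount > 0, "zero amount");
        // Negative behavior: each id can be withdrawn only once.
        require(!processedWithdrawals[id], "already processed");

        // Assumed digest layout. It binds id, trader and amount (the signed
        // fields named in the threat model) plus chain id and contract address,
        // so a signature cannot be reused on another chain or deployment.
        bytes32 digest = keccak256(
            abi.encode(block.chainid, address(this), id, trader, amount)
        );

        // ecrecover returns address(0) for an invalid signature, so reject the
        // zero address explicitly before comparing against the signer.
        address recovered = ecrecover(digest, v, r, s);
        require(recovered != address(0) && recovered == signer, "bad signature");

        // Replay protection is keyed by id, not by the signature bytes, so an
        // alternative (v, r, s) encoding of the same signature cannot be replayed.
        // The flag is set before the external call (checks-effects-interactions).
        processedWithdrawals[id] = true;
        require(paymentToken.transfer(trader, amount), "transfer failed");
    }
}
```

Because id, trader, and amount are all inside the signed digest, changing any caller-controlled input makes `ecrecover` return a different address and the call reverts.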

Zellic © 2025