Assessment reports>Reserve Throttle Wallet>Threat Model>completeWithdrawal

Function: completeWithdrawal(uint256 _nonce)

This allows completing a withdrawal after the timelock period has passed.

Inputs

  • _nonce

    • Control: Could be controlled by anyone.

    • Constraints: Less than nextNonce.

    • Impact: Used to specify which withdrawal to complete.

Branches and code coverage (including function calls)

Intended branches

  • Complete withdrawal successfully.

  • The balance of each account is right after the withdrawal.

Negative behavior

  • Complete withdrawal failed and revert.

Function call analysis

  • completeWithdrawal -> throttledToken.safeTransfer(withdrawal.target, withdrawal.amount)

    • What is controllable? withdrawal.target and withdrawal.amount.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑