Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Security Policy>Threat Model>enableSecurityPolicy

GeneralOverview

DiscussionReturn datasize unchecked Bypassing Security Policies

Threat ModelWhat are threat models?ERC7484SecurityPolicy.sol

SecurityPolicyManagerPlugin.sol checkAndEnableModule checkSetupAndEnableModule disableSecurityPoliciesRange disableSecurityPolicy enableSecurityPolicies enableSecurityPolicy

Audit ResultsSummary

Function: `enableSecurityPolicy(ISecurityPolicyPlugin _policy)`

This enables a security policy, inserting into the linked list.

Inputs

_policy
- Control: Full.
- Constraints: != SENTINEL && != 0x0.
- Impact: The policy.

Branches and code coverage (including function calls)

Intended branches

enabledSecurityPolicies[policy] is the previous head.
Test coverage
enabledSecurityPolicies[SENTINEL_MODULE_ADDRESS] == policy.
Test coverage

Negative behavior

Inserted Security Policy cannot be the sentinel address.
Negative test
Inserted Security Policy cannot be 0x0.
Negative test

Zellic © 2025Back to top ↑