Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Smart Vault>Threat Model>removeAllocated

GeneralOverview

Findings

Informational (3)

DiscussionReentrancy guard modifier

Threat ModelWhat are threat models?

RewardVault.sol addAllocated removeAllocated transferAllocatedTokens

SmartVault.sol SmartVaultManager.sol

Audit ResultsAssessment Results

Function: `removeAllocated(Allocation[] allocations)`

This function is used to remove allocated tokens from the reward vault. Only the owner can call this function.

Inputs

allocations
- Control: Fully controllable by the caller (contract owner).
- Constraints: None.
- Impact: Address of asset, address of recipient, and amount of tokens.

Branches and code coverage

Intended branches

Check if the balance is enough, for each allocation.
Test coverage
Subtract the amount from the allocation.
Test coverage
Transfer the amount to the owner.
Test coverage
Emit the RemoveAllocation event.
Test coverage

Negative behavior

Revert if the caller is not the contract owner.
Negative test
Revert if the balance is not enough.
Negative test

Function call analysis

SafeERC20.safeTransfer(IERC20(allocation.asset), this.owner(), allocation.amount)
- What is controllable? asset, but allocated by the contract owner, recipient, and amount.
- If the return value is controllable, how is it used and how can it go wrong? The return value is not used.
- What happens if it reverts, reenters or does other unusual control flow? A revert indicates the transfer fails.

Zellic © 2025Back to top ↑