Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Smart Vault>Threat Model>transferAllocatedTokens

GeneralOverview

Findings

Informational (3)

DiscussionReentrancy guard modifier

Threat ModelWhat are threat models?

RewardVault.sol addAllocated removeAllocated transferAllocatedTokens

SmartVault.sol SmartVaultManager.sol

Audit ResultsAssessment Results

Function: `transferAllocatedTokens(Allocation allocation)`

This function is used to transfer allocated tokens to the recipient. This function is expected to be called by the smart vault, but it could be called directly by the allocation owner.

Inputs

allocation
- Control: Fully controllable by the caller.
- Constraints: Amount is not zero.
- Impact: Address of asset, address of recipient, and amount of tokens.

Branches and code coverage

Intended branches

Check that the provided amount is not zero.
Test coverage
Check caller's (msg.sender's) allocation exists.
Test coverage
Subtract the amount from the caller's allocation.
Test coverage
Transfer the amount to the recipient.
Test coverage
Emit the TransferAllocatedTokens event.
Test coverage

Negative behavior

Revert if the amount is zero.
Negative test
Revert if the caller's allocation does not exist.
Negative test

Function call analysis

SafeERC20.safeTransfer(IERC20(allocation.asset), allocation.recipient, allocation.amount)
- What is controllable? asset, but allocated by the contract owner, recipient, and amount.
- If the return value is controllable, how is it used and how can it go wrong? The return value is not used.
- What happens if it reverts, reenters or does other unusual control flow? A revert indicates the transfer fails.

Zellic © 2025Back to top ↑