
Function: depositERC20(DepositParams depositParams)

This function is used to deposit ERC-20 tokens into a smart vault.

Inputs

  • depositParams

    • Control: Fully controllable by the caller.

    • Constraints: The vault address must be whitelisted by the owner.

    • Impact: Determines the vault address, the amount to deposit, and the receiver address.

Branches and code coverage

Intended branches

  • Check the vault address is valid by calling _checkVaultIsValid.

  • Call depositERC20 on the vault.

  • Emit the Deposit event.

Negative behavior

  • Revert if the contract is paused.

  • Revert if the provided vault address is not valid.

Function call analysis

  • vault.depositERC20(amount, msg.sender, receiver)

    • What is controllable? vault (but it must be whitelisted by the owner), amount, and receiver.

    • If the return value is controllable, how is it used and how can it go wrong? The return value is not used.

    • What happens if it reverts, reenters or does other unusual control flow? A revert indicates a failure in the vault deposit. Reentrancy is not an issue, since no values are affected after the call, in keeping with the CEI (checks-effects-interactions) pattern.
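
The control flow described above, sketched in Solidity as an added example; it is not the audited contract's code. The struct field names, storage layout, error names, owner functions, event parameters and the vault's return type are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration. Only depositERC20, _checkVaultIsValid, DepositParams and
// the Deposit event are named in the report; everything else is hypothetical.
interface IVault {
    // Return type is an assumption; the report only says the value is unused.
    function depositERC20(uint256 amount, address from, address receiver) external returns (uint256);
}

contract DepositEntrySketch {
    struct DepositParams { address vault; uint256 amount; address receiver; }

    address public immutable owner;
    bool public paused;
    mapping(address => bool) public isWhitelistedVault;

    event Deposit(address indexed vault, address indexed sender, address indexed receiver, uint256 amount);
    error Paused();
    error InvalidVault(address vault);
    error NotOwner();

    constructor() { owner = msg.sender; }

    modifier onlyOwner() { if (msg.sender != owner) revert NotOwner(); _; }

    function setPaused(bool p) external onlyOwner { paused = p; }
    function setVault(address v, bool ok) external onlyOwner { isWhitelistedVault[v] = ok; }

    function _checkVaultIsValid(address vault) internal view {
        if (!isWhitelistedVault[vault]) revert InvalidVault(vault);
    }

    function depositERC20(DepositParams calldata p) external {
        // Checks: both gates run before any external call is made.
        if (paused) revert Paused();
        _checkVaultIsValid(p.vault);
        // Interaction: the single external call. Its return value is ignored,
        // and a revert in the vault bubbles up and aborts the whole deposit.
        IVault(p.vault).depositERC20(p.amount, msg.sender, p.receiver);
        // No storage is written after the call, so a reentrant call from the
        // vault cannot observe or corrupt half-updated state here.
        emit Deposit(p.vault, msg.sender, p.receiver, p.amount);
    }
}
```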

Zellic © 2025