
Function: fetchPriceUnsafe(IERC20 _token)

This function is used to fetch the price of a token from the oracle without checking the last update time. It is expected to be called from the smart vault to fetch the underlying asset price.

Inputs

  • _token

    • Control: Fully controllable by the caller.

    • Constraints: None.

    • Impact: Address of the token.

Branches and code coverage

Intended branches

  • Call fetchPriceUnsafe on the price feed.

  • Scale the price to 18 decimals.

Function call analysis

  • oracle.priceFeed.fetchPriceUnsafe()

    • What is controllable? oracle.priceFeed but whitelisted by the owner.

    • If the return value is controllable, how is it used and how can it go wrong? If the price feed fails to return the correct current market price, it would be critical to the vault’s collateral calculation.

    • What happens if it reverts, reenters or does other unusual control flow? A revert indicates a failure in the oracle system, which prevents the vault from calculating the collateral asset value and thus causes it to malfunction.
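As an added illustration (not the project's code), the unchecked path described above is shown beside a checked variant that rejects a zero or stale price; the IPriceFeed interface, its latestPrice() signature, the MAX_PRICE_AGE tolerance and the PriceReader contract are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Hypothetical minimal price-feed interface (assumed, not the project's).
interface IPriceFeed {
    /// Returns the last stored price, its decimals and the time of the last update.
    function latestPrice() external view returns (uint256 price, uint8 decimals, uint256 updatedAt);
}

contract PriceReader {
    IPriceFeed public immutable priceFeed;
    uint256 public constant MAX_PRICE_AGE = 1 hours; // assumed staleness tolerance

    error ZeroPrice();
    error StalePrice(uint256 updatedAt, uint256 maxAge);

    constructor(IPriceFeed _feed) {
        priceFeed = _feed;
    }

    /// Unchecked path: returns the last stored price scaled to 18 decimals,
    /// whatever its age. A feed that stopped updating is still accepted here.
    function fetchPriceUnsafe() public view returns (uint256) {
        (uint256 price, uint8 decimals, ) = priceFeed.latestPrice();
        return _scaleTo18(price, decimals);
    }

    /// Checked path: reverts on a zero price or on a price older than MAX_PRICE_AGE.
    /// The subtraction reverts on underflow if the feed reports a future timestamp.
    function fetchPrice() public view returns (uint256) {
        (uint256 price, uint8 decimals, uint256 updatedAt) = priceFeed.latestPrice();
        if (price == 0) revert ZeroPrice();
        if (block.timestamp - updatedAt > MAX_PRICE_AGE) revert StalePrice(updatedAt, MAX_PRICE_AGE);
        return _scaleTo18(price, decimals);
    }

    /// Scales a price with `decimals` decimals to 18 decimals.
    function _scaleTo18(uint256 price, uint8 decimals) internal pure returns (uint256) {
        if (decimals == 18) return price;
        if (decimals < 18) return price * 10 ** (18 - decimals);
        return price / 10 ** (decimals - 18);
    }
}
```

A consumer that needs the collateral valuation to be meaningful should route through the checked variant and treat the revert as the oracle failure this section describes, rather than continuing with the last stored value.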

Zellic © 2025