Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic siteBack

Assessment reports>Smart Vault>Threat Model>manageDebtAndStake

GeneralOverview

Findings

Informational (3)

DiscussionReentrancy guard modifier

Threat ModelWhat are threat models?RewardVault.sol SmartVault.sol

SmartVaultManager.sol claim depositERC20 fetchPrice fetchPriceUnsafe manageDebtAndStake transferCallback vaultBurnDebtTokenCallback vaultMintDebtTokenCallback withdraw

Audit ResultsAssessment Results

Function: `manageDebtAndStake(ISmartVault vault)`

This function is used to manage debt and stake for a smart vault.

Inputs

vault
- Control: Fully controllable by the caller.
- Constraints: Address of the vault must be whitelisted by the owner.
- Impact: Address of the vault.

Branches and code coverage

Intended branches

Check the vault address is valid by calling _checkVaultIsValid.
Test coverage
Call manageDebtAndStake on the vault.
Test coverage
Emit the ManageDebtAndStake event.
Test coverage

Negative behavior

Revert if the contract is paused.
Negative test
Revert if the provided vault address is not valid.
Negative test

Function call analysis

vault.manageDebtAndStake()
- What is controllable? vault but whitelisted by the owner.
- If the return value is controllable, how is it used and how can it go wrong? The return value is not used.
- What happens if it reverts, reenters or does other unusual control flow? The revert indicates a failure in the vault's manage debt and stake, and reentrancy is not an issue since there are no subsequent values affected by the CEI pattern.

Zellic © 2025Back to top ↑