Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Smart Vault>Threat Model>vaultMintDebtTokenCallback
GeneralOverview
Findings
Medium (1)
Low (4)
Informational (3)
DiscussionReentrancy guard modifier
Threat ModelWhat are threat models?RewardVault.solSmartVault.sol
SmartVaultManager.solclaimdepositERC20fetchPricefetchPriceUnsafemanageDebtAndStaketransferCallbackvaultBurnDebtTokenCallbackvaultMintDebtTokenCallbackwithdraw
Audit ResultsAssessment Results

Function: vaultMintDebtTokenCallback(uint256 amount)

This function is used to mint debt tokens for a smart vault. It is expected to be called from the smart vault during _mintDebtToken.

Inputs

  • amount

    • Control: Not controllable, calculated in the contract.

    • Constraints: Amount is not zero (validated in the _mintDebtToken).

    • Impact: Amount of debt token to mint.

Branches and code coverage

Intended branches

  • Check if the caller is the smart vault.

  • Call mint on the debt token.

Negative behavior

  • Revert if the caller is not the smart vault.

  • Revert if the debt-token minting fails.

Function call analysis

  • this.debtToken.mint(msg.sender, amount)

    • What is controllable? Nothing.

    • If the return value is controllable, how is it used and how can it go wrong? It is safe because _mintDebtToken, which calls vaultMintDebtTokenCallback, performs a balance check after minting.

    • What happens if it reverts, reenters or does other unusual control flow? A revert indicates a failure in the mint process, and since the debtToken is expected to be an ERC-20 address, there is no reentrancy risk.

Zellic © 2025Back to top ↑