Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Spectral Modelers>Threat Model>respondToChallenge
GeneralOverview
Findings
Critical (1)
High (2)
Medium (3)
Low (1)
Informational (1)
DiscussionReturn of staked tokensInsufficient testingMissing zero-address check in `setAdmin`
Threat ModelWhat are threat models?BeaconProxyDeployer.solCompetition.solCompetitionFactory.sol
Modeler.solZKMLChallengeModeleraddStakeToModeleraddStakeToValidatoremergencyOptOutValidatorgiveChallengeToModelerkickModeleroptInModeleroptInValidatoroptOutModeleroptOutValidatorpostGradedprovideDrandProofregisterModelerregisterValidatorreplaceOptOutTopNModelerrespondToChallengerespondToZKMLChallengesetModelerNetPerformanceResultAndUpdatesetNextRandSlotupdateModel
ServiceAgreement.sol
Audit ResultsSummary

Function: respondToChallenge(address _validator, string _ipfsResponse)

This facilitates responding to a challenge.

Inputs

  • _validator

    • Control: Fully controlled by the caller.

    • Constraints: Checked that the validator is registered.

    • Impact: The validator that gave the challenge.

  • _ipfsResponse

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The IPFS of the response.

Branches and code coverage

Intended branches

  • Assumed that the _validator actually challenged the caller with the specific ipfsChallenge. Currently not explicitly checked.

  • Assumed that the challenge was given for this contract's specific competition. Currently not explicitly checked.

  • Set the ipfsResponse of the modelerChallenges mapping for the modeler.

  • Assure that the _validator has been registered.

Negative behavior

  • Should not reuse a response that has already been used. Currently not checked.

  • Should not allow overriding a response to a challenge. Currently not checked.

  • Should not allow calling this while the contract is paused.

  • Should not allow a msg.sender that has not registered as a modeler to respond to a challenge.

Zellic © 2024Back to top ↑