Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>SSI Protocol>Threat Model>checkHedgeOrder
GeneralOverview
Findings
Medium (3)
Low (4)
DiscussionTest suiteCustom errors could save gasRedundant checksNo storage gap for upgradable contractsCentralization risk
Threat ModelWhat are threat models?AssetFactory.solAssetFeeManager.solAssetIssuer.solAssetLocking.solAssetRebalancer.solAssetToken.solStakeFactory.solStakeToken.solSwap.sol
USSI.solapplyMintapplyRedeemcheckHedgeOrderconfirmMintconfirmRedeemrejectMintrejectRedeem
Audit ResultsAssessment Results

Function: checkHedgeOrder(HedgeOrder hedgeOrder, byte[32] orderHash, bytes orderSignature)

This function checks if the given hedge order is valid.

Inputs

  • hedgeOrder

    • Control: Fully controlled by the caller.

    • Constraints: Must be a valid hedge order.

    • Impact: Specifies the hedge order to be validated.

  • orderHash

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: Specifies the hash of the hedge order.

  • orderSignature

    • Control: Fully controlled by the caller.

    • Constraints: Must be a valid signature for the order hash by the order signer.

    • Impact: Specifies the signature of the hedge order.

Branches and code coverage

Intended branches

  • Validate the given order hash.

Negative behavior

  • Given hedge order is submitted to correct chain.

  • Specified asset is supported if the given order mints a token.

  • Specified redeem token is equal to the configured token if the given order redeems tokens.

  • Deadline of order has not passed.

  • Order is not duplicated.

  • The order is correctly signed by the order signer.

Zellic © 2025Back to top ↑