Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Stable Predeposit>Threat Model>deposit
GeneralOverview
Findings
Medium (1)
DiscussionCode-quality improvementsLack of bridging gas refunds
Threat ModelWhat are threat models?
HourglassStableVault.soldeployToSparkdepositmintmodifyPendingDepositWindowmodifyStartedDepositWindowpreviewRedeemBridgerecoverErc20recoverEthredeemredeemBridgeredeemRecoverysetBridgeContractsetDepositCaptotalAssetstransitionToRecoveryModetransitionToUnwindModetransitionToWithdrawModetransitionToYieldModewithdrawwithdrawFromSparkwithdrawFromSparkRecovery
HourglassStableVaultBridge.solHourglassStableVaultFrax.solHourglassStableVaultKYC.sol
Audit ResultsAssessment Results

Function: deposit(uint256 assets, address receiver)

This function is the primary entry point for users to supply USDT during the deposit window. It mints shares 1:1 after transferring the tokens into the vault.

Inputs

  • assets

    • Control: N/A.

    • Constraints: Must be greater than zero and within the remaining cap (maxDeposit).

    • Impact: Determines the number of shares minted (1:1) and increases the total supply tracked by the vault.

  • receiver

    • Control: N/A.

    • Constraints: Must be nonzero.

    • Impact: Receives freshly minted shares.

Branches and code coverage

Intended branches

  • Shares are minted 1:1 with the deposited USDT.

Negative behavior

  • Calls outside the Deposit phase and window revert.

Function call analysis

  • SafeERC20.safeTransferFrom(IERC20(this.asset()), caller, address(this), assets)

    • What is controllable? The caller controls the number of USDT to deposit (assets) and the receiver (receiver).

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑