Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Stable Predeposit>Threat Model>redeemBridge
GeneralOverview
Findings
Medium (1)
DiscussionCode-quality improvementsLack of bridging gas refunds
Threat ModelWhat are threat models?
HourglassStableVault.soldeployToSparkdepositmintmodifyPendingDepositWindowmodifyStartedDepositWindowpreviewRedeemBridgerecoverErc20recoverEthredeemredeemBridgeredeemRecoverysetBridgeContractsetDepositCaptotalAssetstransitionToRecoveryModetransitionToUnwindModetransitionToWithdrawModetransitionToYieldModewithdrawwithdrawFromSparkwithdrawFromSparkRecovery
HourglassStableVaultBridge.solHourglassStableVaultFrax.solHourglassStableVaultKYC.sol
Audit ResultsAssessment Results

Function: redeemBridge(uint256 shares, address receiver, address owner)

This is an alternative function only callable by the bridge contract to redeem shares from users withdrawing funds from the bridge itself.

Inputs

  • shares

    • Control: N/A.

    • Constraints: Must be nonzero and within the owner's redeemable balance (maxRedeem).

    • Impact: Delegates to redeem to process the redemption.

  • receiver

    • Control: N/A.

    • Constraints: N/A.

    • Impact: Receives the underlying after redemption.

  • owner

    • Control: N/A.

    • Constraints: Must be nonzero.

    • Impact: Shares are burned, and USDT is paid to receiver.

Branches and code coverage

Intended branches

  • Shares are burned, and USDT is transferred.

Negative behavior

  • Calls outside Withdraw mode revert.

Function call analysis

  • this.redeem(shares, receiver, owner)

    • What is controllable? The bridge controls the number of shares to redeem (shares) and the receiver (receiver).

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑