Assessment reports>Stable Predeposit>Threat Model>redeemRecovery

Function: redeemRecovery(uint256 shares, address receiver, address owner)

This function is a permissionless redemption path, available in the Recovery phase, that lets users exit without the bridge once the 180-day timelock expires.

Inputs

  • shares

    • Control: N/A.

    • Constraints: Must be greater than zero and limited by the owner's balance/allowance (maxRedeem).

    • Impact: Determines the USDT withdrawn from the vault.

  • receiver

    • Control: N/A.

    • Constraints: N/A.

    • Impact: Receives the redeemed USDT.

  • owner

    • Control: N/A.

    • Constraints: Must be nonzero.

    • Impact: Experiences a share burn equal to the redemption.

Branches and code coverage

Intended branches

  • Shares are burned, and USDT is transferred.

Negative behavior

  • Calls outside Recovery mode revert.

Function call analysis

  • SafeERC20.safeTransfer(IERC20(this.asset()), receiver, assets)

    • What is controllable? The caller controls the number of shares to redeem (shares) and the receiver (receiver).

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.
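The constraints and branches listed above can be read as one check order. The sketch below is an added example, not the audited contract's code. It assumes an OpenZeppelin v5 ERC4626 base and a Recovery phase that opens 180 days after deployment; `RecoveryVaultSketch`, `deployedAt`, `inRecovery`, and the custom errors are hypothetical names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ERC4626} from "@openzeppelin/contracts/token/ERC20/extensions/ERC4626.sol";
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

// Illustrative only: how the phase is actually tracked is not shown in the report.
contract RecoveryVaultSketch is ERC4626 {
    using SafeERC20 for IERC20;

    uint256 public constant RECOVERY_TIMELOCK = 180 days;
    uint256 public immutable deployedAt; // assumed start of the timelock

    error NotInRecovery();
    error ZeroShares();
    error ZeroOwner();
    error ExceedsMaxRedeem(uint256 shares, uint256 max);

    constructor(IERC20 usdt) ERC20("Sketch Share", "SKS") ERC4626(usdt) {
        deployedAt = block.timestamp;
    }

    function inRecovery() public view returns (bool) {
        return block.timestamp >= deployedAt + RECOVERY_TIMELOCK;
    }

    function redeemRecovery(uint256 shares, address receiver, address owner)
        external
        returns (uint256 assets)
    {
        // Negative behavior: calls outside Recovery mode revert.
        if (!inRecovery()) revert NotInRecovery();
        // Input constraints: shares > 0, owner nonzero, shares <= maxRedeem(owner).
        if (shares == 0) revert ZeroShares();
        if (owner == address(0)) revert ZeroOwner();
        uint256 max = maxRedeem(owner);
        if (shares > max) revert ExceedsMaxRedeem(shares, max);

        assets = previewRedeem(shares);
        // A caller redeeming for someone else must hold a share allowance.
        if (msg.sender != owner) _spendAllowance(owner, msg.sender, shares);
        // Effects before interaction: burn the shares, then move the asset.
        _burn(owner, shares);
        // SafeERC20 tolerates tokens such as USDT that return no bool.
        IERC20(asset()).safeTransfer(receiver, assets);
        emit Withdraw(msg.sender, receiver, owner, assets, shares);
    }
}
```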

Zellic © 2025