Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>StaFi>Threat Models>approve
GeneralOverview
Findings
Medium (1)
Low (1)
Informational (1)
DiscussionPragma versionsTest suiteReentrancy checks
Threat ModelsWhat are threat models?
StakeManager.soladdStakePoolapproveinitmigratenewEraredelegatermStakePoolsetParamsstakeWithPooltransferAdmintransferDelegationBalancerunstakeWithPoolwithdrawProtocolFeewithdrawWithPool
StakePool.sol
Audit ResultsSummary

Function: approve(address _poolAddress, uint256 _amount)

Should allow the approval of the ERC-20 token to a pool.

Inputs

  • _poolAddress

    • Control: Fully controlled by the admin.

    • Constraints: None.

    • Impact: The address of the pool to approve.

  • _amount

    • Control: Fully controlled by the admin.

    • Constraints: None.

    • Impact: The amount to approve.

Branches and code coverage (including function calls)

Intended branches

  • Should approve the _amount on the _poolAddress.

Negative behavior

  • Should not allow anyone other than the admin to call this function. Ensured through the onlyAdmin modifier.

Function call analysis

  • IStakePool(_poolAddress).approveForStakeManager(erc20TokenAddress, _amount)

    • What is controllable? poolAddress and _amount.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? Approval fails.

Zellic © 2025Back to top ↑