Assessment reportsPublic findings
Back to Zellic site
Assessment reports>StaFi>Threat Models>unstakeWithPool
GeneralOverview
Findings
Medium (1)
Low (1)
Informational (1)
DiscussionPragma versionsTest suiteReentrancy checks
Threat ModelsWhat are threat models?
StakeManager.soladdStakePoolapproveinitmigratenewEraredelegatermStakePoolsetParamsstakeWithPooltransferAdmintransferDelegationBalancerunstakeWithPoolwithdrawProtocolFeewithdrawWithPool
StakePool.sol
Audit ResultsSummary

Function: unstakeWithPool(address _poolAddress, uint256 _rTokenAmount)

Unstaked from a certain bonded pool.

Inputs

  • _poolAddress

    • Control: Full.

    • Constraints: Must be in bondedPools.

    • Impact: The pool.

  • _rTokenAmount

    • Control: Full.

    • Constraints: None.

    • Impact: Amount to unstake.

Branches and code coverage (including function calls)

Intended branches

  • Staked tokens are burned.

  • Returns original rToken.

Negative behavior

  • Cannot unstake 0 tokens.

  • Cannot unstake more than UNBOND_TIMES_LIMIT.

  • Cannot unstake from a pool not in bondedPools.

Function call analysis

  • IERC20MintBurn(rTokenAddress).burnFrom(msg.sender, leftRTokenAmount)

    • What is controllable? leftRTokenAmount (after unstake fee).

    • If return value controllable, how is it used and how can it go wrong? Discarded.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • IERC20(rTokenAddress).safeTransferFrom(msg.sender, address(this), unstakeFee)

    • What is controllable? Nothing.

    • If return value controllable, how is it used and how can it go wrong? Discarded.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2024Back to top ↑