Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>StaFi>Threat Models>withdrawProtocolFee
GeneralOverview
Findings
Medium (1)
Low (1)
Informational (1)
DiscussionPragma versionsTest suiteReentrancy checks
Threat ModelsWhat are threat models?
StakeManager.soladdStakePoolapproveinitmigratenewEraredelegatermStakePoolsetParamsstakeWithPooltransferAdmintransferDelegationBalancerunstakeWithPoolwithdrawProtocolFeewithdrawWithPool
StakePool.sol
Audit ResultsSummary

Function: withdrawProtocolFee(address _to)

Allows withdrawing the protocol fee.

Inputs

  • _to

    • Control: Fully controlled by admin.

    • Constraints: None.

    • Impact: The address to withdraw the protocol fee to.

Branches and code coverage (including function calls)

Intended branches

  • Assumed it would not be abused by the admin.

  • Decrease the rTokenAddress balance of the contract by transferring it to _to.

Negative behavior

  • Should not allow anyone other than the admin to call this function. Ensured through the onlyAdmin modifier.

Function call analysis

  • IERC20(rTokenAddress).safeTransfer(_to, IERC20(rTokenAddress).balanceOf(address(this)))

    • What is controllable? _to.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? Transfer fails.

Zellic © 2025Back to top ↑