Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>StakeKit FeeWrapper>Threat Model>deposit
GeneralOverview
Findings
Medium (3)
DiscussionUse of ReentrancyGuard is recommendedNo proxy pattern for upgradesNo test coverage for nonstandard ERC-20 tokens
Threat ModelWhat are threat models?FeeManager.sol
FeeWrapper4626.soldeposit
Audit ResultsAssessment Results

Function: deposit(address depositContract, address depositToken, uint256 amount)

This function is used to deposit tokens into the target ERC-4626 vault and collect fees.

Inputs

  • depositContract

    • Control: Arbitrary.

    • Constraints: Mapped in feeConfigs.

    • Impact: Address of the ERC-4626 vault.

  • depositToken

    • Control: Arbitrary.

    • Constraints: Mapped in feeConfigs.

    • Impact: Address of the ERC-20 token to deposit.

  • amount

    • Control: Arbitrary.

    • Constraints: Nonzero.

    • Impact: Amount of tokens to deposit.

Branches and code coverage

Intended branches

  • Invoke computeFee to calculate the fee with amount.

  • Transfer the fee to the feeRecipient if feeRecipient exists.

  • Transfer the fee to the providerFeeRecipient.

  • Receive the deposit amount from msg.sender.

  • Call approve to depositContract with depositAmount.

  • Call depositContractInstance.deposit with depositAmount and msg.sender.

Negative behavior

  • Revert if amount is zero.

  • Revert if depositContract and depositToken are not enabled in feeConfigs.

  • Revert if the fee transfer to feeRecipient fails.

  • Revert if the provider-fee transfer fails.

  • Revert if the transfer deposit amount fails.

  • Revert if the deposit token approval fails.

Function call analysis

  • depositTokenInstance.transferFrom(msg.sender, feeConfig.feeRecipient, feeRecipientAmount)

    • What is controllable? feeRecipientAmount based on the user's deposit amount.

    • If the return value is controllable, how is it used and how can it go wrong? It could be executed if the transfer fails.

  • depositTokenInstance.transferFrom(msg.sender, this.providerFeeRecipient, feeAmount)

    • What is controllable? feeAmount based on the user's deposit amount.

    • If the return value is controllable, how is it used and how can it go wrong? It could be executed if the transfer fails.

  • depositTokenInstance.transferFrom(msg.sender, address(this), depositAmount)

    • What is controllable? depositAmount based on the user's deposit amount.

    • If the return value is controllable, how is it used and how can it go wrong? It could be executed if the transfer fails.

  • depositTokenInstance.approve(depositContract, depositAmount)

    • What is controllable? depositAmount based on the user's deposit amount.

    • If the return value is controllable, how is it used and how can it go wrong? Transfer will fail in depositContractInstance.deposit.

  • depositContractInstance.deposit(depositAmount, msg.sender)

    • What is controllable? depositAmount based on the user's deposit amount.

    • If the return value is controllable, how is it used and how can it go wrong? The share could be manipulated to return a different value.

Zellic © 2025Back to top ↑