Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>StakeKit>Threat Model>deposit
GeneralOverview
Findings
Critical (1)
High (1)
Medium (1)
Low (3)
Patch ReviewPatch Review
Threat ModelWhat are threat models?
AllocatorVaultV1.soldepositharvestmintredeemwithdraw
Audit ResultsAssessment Results

Function: deposit(uint256 _underlying, address receiver)

When a user deposits assets, the function deposits those assets into another ERC-4626 vault and manages the resulting shares, subsequently minting new shares for the users based on the shares obtained.

Inputs

  • _underlying

    • Control: Arbitrary.

    • Constraints: It must be greater than zero.

    • Impact: It specifies the amount of assets to be paid.

  • receiver

    • Control: Arbitrary.

    • Constraints: It must not be address(0).

    • Impact: It is the address of the wallet receiving the shares.

Branches and code coverage

Intended branches

  • Normal minting occurs when an _underlying value greater than zero is provided.

Negative behavior

  • The transaction reverts when the _underlying value is zero.

Function call analysis

  • this.strategy.previewDeposit(_underlying)

    • What is controllable? The _underlying value.

    • If the return value is controllable, how is it used and how can it go wrong? It can still be bypassed even when a value of zero is passed to the _underlying parameter.

    • What happens if it reverts, reenters or does other unusual control flow? No impact.

  • SafeERC20.safeTransferFrom(IERC20(this.underlying), msg.sender, address(this), _underlying)

    • What is controllable? The _underlying value.

    • If the return value is controllable, how is it used and how can it go wrong? No impact.

    • What happens if it reverts, reenters or does other unusual control flow? If reentrancy is possible, it may lead to an increase in the totalSupply() value through repetitive calls to the harvest function, potentially resulting in the permanent freezing of funds. See Finding ref.

  • IERC20(this.underlying).approve(address(this.strategy), _underlying)

    • What is controllable? The _underlying value.

    • If the return value is controllable, how is it used and how can it go wrong? No impact.

    • What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as funds are paid in advance.

  • this.strategy.deposit(_underlying, address(this))

    • What is controllable? The _underlying value.

    • If the return value is controllable, how is it used and how can it go wrong? By maliciously manipulating the receivedAssets value, a substantial number of shares can be minted.

    • What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as funds are paid in advance.

  • this.strategy.convertToAssets(this.totalAssets())

    • What is controllable? It is uncontrollable.

    • If the return value is controllable, how is it used and how can it go wrong? The fee process can be maliciously manipulated.

    • What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as funds are paid in advance.

Zellic © 2025Back to top ↑