Assessment reports>StakeKit>Threat Model>harvest

Function: harvest()

This function mints to the feeRecipient in accordance with the specified fee rate.

Branches and code coverage

Intended branches

  • Anyone from the outside can invoke it to mint fees to the feeRecipient.

Function call analysis

  • this.computeHarvestFee() -> this.strategy.convertToAssets(this.totalAssets())

    • What is controllable? It is uncontrollable.

    • If the return value is controllable, how is it used and how can it go wrong? Maliciously manipulating the minting value can lead to the permanent freezing of users' assets.

    • What happens if it reverts, reenters or does other unusual control flow? No impact.

Zellic © 2025Back to top ↑