Zellic assessment report: StakeKit threat model, function mint

Function: mint(uint256 shares, address receiver)

This function lets the caller specify the exact number of shares to be minted. The vault computes the amount of underlying assets those shares cost, pulls that amount from the caller, and deposits it into the ERC-4626 strategy; the deposited assets pay for the shares credited to the receiver.

Inputs

  • shares

    • Control: Arbitrary.

    • Constraints: It must be greater than zero.

    • Impact: It determines the number of shares minted and, through previewMint, the amount of underlying assets pulled from the caller.

  • receiver

    • Control: Arbitrary.

    • Constraints: It must not be address(0).

    • Impact: It is the address credited with the minted shares.

Branches and code coverage

Intended branches

  • Normal minting occurs when a shares value greater than zero is provided.

Negative behavior

  • The transaction reverts when the shares value is zero.

Function call analysis

  • this.previewMint(shares) -> this.previewHarvest() -> this.computeHarvestFee() -> this.strategy.convertToAssets(this.totalAssets())

    • What is controllable? The shares value.

    • If the return value is controllable, how is it used and how can it go wrong? The returned value is the amount of underlying assets pulled from the caller. If the preview could be manipulated (for example through the totalAssets() or harvest-fee inputs it depends on), the caller would pay the wrong amount for the shares minted.

    • What happens if it reverts, reenters or does other unusual control flow? No impact: a revert aborts the mint before any transfer has taken place.

  • this.previewMint(shares) -> this.strategy.previewMint(assets)

    • What is controllable? The shares value.

    • If the return value is controllable, how is it used and how can it go wrong? The strategy's preview fixes the underlying amount charged for the shares; if it could be manipulated, the assets pulled from the caller would no longer match the shares minted.

    • What happens if it reverts, reenters or does other unusual control flow? No impact: a revert aborts the mint before any transfer has taken place.

  • SafeERC20.safeTransferFrom(IERC20(this.underlying), msg.sender, address(this), _underlying)

    • What is controllable? The _underlying value, indirectly: it is the output of previewMint for the caller-chosen shares value.

    • If the return value is controllable, how is it used and how can it go wrong? No impact.

    • What happens if it reverts, reenters or does other unusual control flow? A revert simply aborts the mint. If the underlying token allows reentrancy (for example through transfer hooks), re-entering the harvest function repeatedly during this call could inflate totalSupply(), potentially resulting in funds being permanently frozen.

  • IERC20(this.underlying).approve(address(this.strategy), _underlying)

    • What is controllable? The _underlying value, indirectly: it is the output of previewMint for the caller-chosen shares value.

    • If the return value is controllable, how is it used and how can it go wrong? No impact.

    • What happens if it reverts, reenters or does other unusual control flow? Reentrancy is possible here, but there is little incentive for an attack, since the caller has already paid the underlying assets before this call.

  • this.strategy.deposit(_underlying, address(this))

    • What is controllable? The _underlying value, indirectly: it is the output of previewMint for the caller-chosen shares value.

    • If the return value is controllable, how is it used and how can it go wrong? No impact.

    • What happens if it reverts, reenters or does other unusual control flow? Reentrancy is possible here, but there is little incentive for an attack, since the caller has already paid the underlying assets before this call.

  • this.strategy.convertToAssets(this.totalAssets())

    • What is controllable? Nothing directly: the caller does not control this call, and its result depends on the strategy's exchange rate and the wrapper's totalAssets().

    • If the return value is controllable, how is it used and how can it go wrong? The harvest fee is computed from this value, so an attacker able to move the strategy's exchange rate could distort the fee computation.

    • What happens if it reverts, reenters or does other unusual control flow? A revert aborts the mint. Reentrancy through this call is possible only with an untrusted or non-view strategy, and even then it offers little incentive for an attack, since the caller pays the underlying assets in advance.
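As an added example (not StakeKit's code, whose fee math and storage layout this page does not show), the mint flow reconstructed from the input constraints and the call chain above, with the hardening a reviewer looks for at each step: a reentrancy guard shared with harvest() so a token hook fired during safeTransferFrom cannot re-enter harvest and inflate totalSupply(), forceApprove instead of approve, and a check that the strategy actually returned the shares previewMint priced. The OpenZeppelin imports, the IERC4626 strategy interface, the high-water-mark fee model and every storage name are assumptions made for illustration:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not StakeKit's source. The wrapper holds shares of a
// downstream ERC-4626 strategy and prices its own shares against them.
// Fee model, storage names and the shape of harvest() are assumptions.
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import {IERC4626} from "@openzeppelin/contracts/interfaces/IERC4626.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";

contract WrapperVaultExample is ReentrancyGuard {
    using SafeERC20 for IERC20;

    uint256 private constant BPS = 10_000;

    IERC20 public immutable underlying;
    IERC4626 public immutable strategy;      // assumed downstream ERC-4626 vault
    address public immutable feeRecipient;   // assumed
    uint256 public immutable harvestFeeBps;  // assumed, e.g. 1_000 == 10% of profit

    uint256 public totalSupply;              // wrapper shares outstanding
    mapping(address => uint256) public balanceOf;
    uint256 public highWaterMark;            // assumed: underlying value at last harvest

    constructor(IERC20 underlying_, IERC4626 strategy_, address feeRecipient_, uint256 feeBps_) {
        require(feeBps_ < BPS, "fee too high");
        underlying = underlying_;
        strategy = strategy_;
        feeRecipient = feeRecipient_;
        harvestFeeBps = feeBps_;
    }

    // The wrapper's "assets" are the strategy shares it holds.
    function totalAssets() public view returns (uint256) {
        return strategy.balanceOf(address(this));
    }

    // Fee in underlying owed on profit above the high-water mark. It depends on
    // strategy.convertToAssets(), which the caller of mint() does not control.
    function computeHarvestFee() public view returns (uint256) {
        uint256 value = strategy.convertToAssets(totalAssets());
        if (value <= highWaterMark) return 0;
        return (value - highWaterMark) * harvestFeeBps / BPS;
    }

    // Wrapper shares a harvest would mint to feeRecipient: the fee as a fraction
    // of the value left to existing holders once the fee is taken out.
    function previewHarvest() public view returns (uint256) {
        uint256 fee = computeHarvestFee();
        if (fee == 0 || totalSupply == 0) return 0;
        uint256 value = strategy.convertToAssets(totalAssets());
        return fee * totalSupply / (value - fee);
    }

    // Strategy shares backing `shares` wrapper shares, priced as if the pending
    // harvest had already diluted the supply, so a minter cannot dodge the fee.
    function _strategySharesFor(uint256 shares) internal view returns (uint256) {
        uint256 supply = totalSupply + previewHarvest();
        if (supply == 0) return shares;                  // first deposit: 1:1
        uint256 backing = totalAssets();
        require(backing > 0, "vault drained");           // never mint against nothing
        return (shares * backing + supply - 1) / supply; // round up, in the vault's favour
    }

    function previewMint(uint256 shares) public view returns (uint256 assets) {
        assets = strategy.previewMint(_strategySharesFor(shares));
    }

    function mint(uint256 shares, address receiver) external nonReentrant returns (uint256 assets) {
        require(shares > 0, "zero shares");
        require(receiver != address(0), "zero receiver");

        uint256 strategyShares = _strategySharesFor(shares);
        assets = strategy.previewMint(strategyShares);

        // External calls run under the same guard as harvest(), so a token hook
        // fired by transferFrom cannot re-enter harvest() and inflate totalSupply.
        underlying.safeTransferFrom(msg.sender, address(this), assets);
        underlying.forceApprove(address(strategy), assets); // handles tokens that reject non-zero -> non-zero approve
        uint256 received = strategy.deposit(assets, address(this));
        require(received >= strategyShares, "strategy shortfall"); // no over-minting on strategy-side rounding

        highWaterMark += assets; // the deposit is principal, not profit, for fee purposes
        totalSupply += shares;
        balanceOf[receiver] += shares;
    }

    // Realises the pending fee as wrapper shares; guarded so it cannot be
    // re-entered from mint() and vice versa.
    function harvest() external nonReentrant {
        uint256 feeShares = previewHarvest();
        highWaterMark = strategy.convertToAssets(totalAssets());
        if (feeShares == 0) return;
        totalSupply += feeShares;
        balanceOf[feeRecipient] += feeShares;
    }
}
```

previewMint() is deliberately a view composed from previewHarvest() and strategy.previewMint(), matching the call chain above. Every input to it other than shares comes from the strategy's exchange rate, which is why convertToAssets() is the one call in this flow worth watching for manipulation even though the caller does not reach it directly.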

Zellic © 2025