Function: redeem(uint256 shares, address receiver, address owner)
This function lets the caller specify the amount of shares to be burned directly,
after which the assets are withdrawn from the ERC-4626 vault.
Inputs
shares
Control: Arbitrary.
Constraints: It must be greater than zero and less than or equal to the balance of the owner.
Impact: Specifies the amount of shares to be burned.
receiver
Control: Arbitrary.
Constraints: A value of type address.
Impact: It is the address of the wallet receiving the assets.
owner
Control: Arbitrary.
Constraints: It must not be address(0).
Impact: Specifies the address of the wallet that will burn the shares.
Branches and code coverage
Intended branches
A normal withdrawal occurs when shares greater than zero and less than or equal to the owner's balance is provided.
Negative behavior
The transaction reverts when the shares value is zero.
The transaction reverts when the shares value is less than the owner's balance.
Function call analysis
this.strategy.convertToAssets(assets)
What is controllable? The assets value.
If the return value is controllable, how is it used and how can it go wrong? No impact.
What happens if it reverts, reenters or does other unusual control flow? If reentrancy is possible, it may lead to an increase in the totalSupply() value through repetitive calls to the harvest function, potentially resulting in the permanent freezing of funds.
SafeERC20.safeTransfer(IERC20(address(this.strategy)), receiver, assets)
What is controllable? The assets value and the receiver value.
If the return value is controllable, how is it used and how can it go wrong? No impact.
What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as shares are burned in advance.
this.strategy.redeem(assets, receiver, address(this))
What is controllable? The assets value and the receiver value.
If the return value is controllable, how is it used and how can it go wrong? No impact.
What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as shares are burned in advance.
this.strategy.convertToAssets(this.totalAssets())
What is controllable? It is uncontrollable.
If the return value is controllable, how is it used and how can it go wrong? The fee process can be maliciously manipulated.
What happens if it reverts, reenters or does other unusual control flow? While a reentrancy scenario is possible, it may not provide sufficient incentive for an attack, as shares are burned in advance.
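The "shares are burned in advance" reasoning above, as an added example: a simplified Python model that is not the audited contract's code. It applies the three input constraints listed under Inputs, burns before paying out, and lets the receiver call back into redeem during the transfer. VaultModel, Revert, the on_receive hook and the 1:1 share-to-asset ratio are assumptions made for illustration.

```python
# Added illustration: a simplified Python model, not the audited contract's code.
ZERO_ADDRESS = "0x0000000000000000000000000000000000000000"

class Revert(Exception):
    """Stands in for an EVM revert."""

class VaultModel:
    def __init__(self):
        self.shares = {}   # owner -> share balance
        self.paid = {}     # receiver -> assets received

    def deposit(self, owner, amount):
        self.shares[owner] = self.shares.get(owner, 0) + amount

    def redeem(self, shares, receiver, owner, on_receive=None):
        # Checks: the input constraints listed in the section above.
        if owner == ZERO_ADDRESS:
            raise Revert("owner is address(0)")
        if shares == 0:
            raise Revert("zero shares")
        if shares > self.shares.get(owner, 0):
            raise Revert("shares exceed owner balance")
        # Effects: burn before any external interaction.
        self.shares[owner] -= shares
        assets = shares  # assumption: 1:1 stand-in for strategy.convertToAssets
        # Interaction: the transfer may hand control to the receiver.
        self.paid[receiver] = self.paid.get(receiver, 0) + assets
        if on_receive is not None:
            on_receive(self)  # hypothetical hook modelling a callback on transfer
        return assets

def redeem_with_reentrant_receiver():
    """Receiver callback tries to redeem the same shares again mid-transfer."""
    vault = VaultModel()
    vault.deposit("alice", 10)  # constructed sample balances
    vault.deposit("bob", 10)    # another depositor's shares stay untouched
    nested = []

    def hook(v):
        try:
            v.redeem(10, "alice", "alice")
            nested.append("succeeded")
        except Revert as exc:
            nested.append(str(exc))

    vault.redeem(10, "alice", "alice", on_receive=hook)
    return vault.paid["alice"], vault.shares["alice"], nested
```

The nested call fails the balance check because the outer call has already burned the shares, so the receiver is paid once.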