Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Staking>Threat Model>deposit
GeneralOverview
Findings
High (1)
Medium (1)
Informational (2)
DiscussionDeployment failure could waste gasTesting coverage assessment
Threat ModelWhat are threat models?BonusDistributor.solRewardDistributor.solRewardTracker.solStakingAdmin.solStakingRouter.sol
Vester.solclaimdepositwithdraw
VesterNoReserve.sol
Audit ResultsSummary

Function: deposit(uint256 _amount)

Deposits and vests tokens.

Inputs

  • _amount

    • Control: Full.

    • Constraints: None.

    • Impact: Amount of tokens.

Branches and code coverage (including function calls)

Intended branches

  • Deposits the user's tokens and mints them the vested equivalent.

Negative behavior

  • Does not allow user to vest more than the max vestable amount.

Function call analysis

  • `deposit() -> _deposit() -> _updateVesting(...) -> _burn(account, amount)

    • What is controllable? Nothing.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

    • If return value is controllable, how is it used and how can it go wrong: Discarded.

  • deposit() -> _deposit() -> _updateVesting(...) -> IRestrictedToken(esToken).burn(_account, amount)

    • What is controllable? Nothing.

    • What happens if it reverts, reenters, or does other unusual control flow? User does not have enough tokens.

    • If return value is controllable, how is it used and how can it go wrong: Discarded.

  • deposit() -> _deposit() -> esToken.safeTransferFrom(_account, address(this), _amount)

    • What is controllable? Amount.

    • What happens if it reverts, reenters, or does other unusual control flow? User does not have enough tokens.

    • If return value is controllable, how is it used and how can it go wrong: Discarded.

  • deposit() -> _deposit() -> getMaxVestableAmount -> IRewardTracker(rewardTracker).cumulativeRewards(_account)

    • What is controllable? Amount.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

    • If return value is controllable, how is it used and how can it go wrong: Discarded.

  • deposit() -> _deposit() -> getMaxVestableAmount -> IRewardTracker(rewardTracker).averageStakedAmounts(_account)

    • What is controllable? Nothing.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

    • If return value is controllable, how is it used and how can it go wrong: Discarded.

  • deposit() -> _deposit() -> getMaxVestableAmount -> IRewardTracker(rewardTracker).cumulativeRewards(_account)

    • What is controllable? Amount.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

    • If return value is controllable, how is it used and how can it go wrong: Discarded.

Zellic © 2024Back to top ↑