Assessment reportsPublic findings
Back to Zellic site
Assessment reports>STFX>Threat Models>changeStfxSpot
GeneralOverview
Findings
High (1)
Medium (4)
DiscussionCentralizationEighteen-decimal compliance
Threat ModelsWhat are threat models?spot.solswap.sol
trade.solchangeStfxSpotchangeStfxSwapcloseSpotcloseSpotByAdminFunction: openSpot(uint96 amount, bytes calldata commands, bytes[] calldata inputs, uint256 deadline)
vesting.solvestingFactory.sol
Audit ResultsSummary

Function: changeStfxSpot(address _spot)

Setter for the internal Spot contract. Can only be changed by the current Spot owner. Allows upgrading the Spot implementation. Great care must be taken to ensure that the new spot has the correct ABI and owner or this can never be called again.

Inputs

  • _spot

    • Control: Full.

    • Constraints: Must be nonzero.

    • Impact: The Spot implementation to use.

Branches and code coverage (including function calls)

Intended branches

  • Can be called existing spot.

Negative behavior

  • Disallows zero address.

  • Disallows other addresses that are not the current spot.

Function call analysis

  • changeStfxSpot -> spot.owner()

    • What is controllable? Nothing.

    • If return value controllable, how is it used and how can it go wrong? If the current spot is a bad contract without an owner property, future spot changes will fail.

    • What happens if it reverts, reenters, or does other unusual control flow? In a state where it reverts, the implementation can no longer be upgraded.

Zellic © 2024Back to top ↑