Assessment reportsPublic findings
Back to Zellic site
Assessment reports>STFX>Threat Models>closeSpotByAdmin
GeneralOverview
Findings
High (1)
Medium (4)
DiscussionCentralizationEighteen-decimal compliance
Threat ModelsWhat are threat models?spot.solswap.sol
trade.solchangeStfxSpotchangeStfxSwapcloseSpotcloseSpotByAdminFunction: openSpot(uint96 amount, bytes calldata commands, bytes[] calldata inputs, uint256 deadline)
vesting.solvestingFactory.sol
Audit ResultsSummary

Function: closeSpotByAdmin(byte[] commands, byte[][] inputs, byte[32] salt)

Closes a spot position. This is done automatically by an EOA keeper bot with the admin role. When an admin closes a spot position, there are no checks for the status before closing it. The salt is also specified as an input, instead of being fetched from a mapping based on msg.sender, and the deadline is hardcoded to 0. A deadline as 0 makes the Swap contract call the execute function that does not use deadline.

Otherwise, this function has the same threat model as closeSpot(bytes calldata commands, bytes[] calldata inputs, uint256 deadline). The threat model below will only explain the differences.

Inputs

  • commands

  • inputs

  • salt

    • Control: Full.

    • Constraints: Must be a valid salt for an STF or it will become an empty struct and ERC20 functions on it will fail.

    • Impact: Decides which STF to close and distribute.

Branches and code coverage (including function calls)

Intended branches

  • Closed by an admin.

Negative behavior

  • Attempted close by nonadmin.

Zellic © 2024Back to top ↑