Assessment reportsPublic findings
Back to Zellic site
Assessment reports>STFX>Threat Models>claim
GeneralOverview
Findings
High (1)
Medium (4)
DiscussionCentralizationEighteen-decimal compliance
Threat ModelsWhat are threat models?spot.solswap.soltrade.sol
vesting.solclaim
vestingFactory.sol
Audit ResultsSummary

Function: claim()

A function allowing the recipient to claim the vested tokens.

Branches and code coverage (including function calls)

Intended branches

Negative behavior

Function call analysis

  • claim -> factory.token().transfer(recipient, claimAmount)

    • What is controllable? Nothing is controllable.

    • If return value controllable, how is it used and how can it go wrong? N/A, no return value.

    • What happens if it reverts, reenters, or does other unusual control flow? Token transfer can fail silently if the ERC20 corresponding to the factory token is implemented incorrectly. Check-effects-interactions is implemented correctly so reentrancy is not an issue.

Zellic © 2024Back to top ↑