Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Sturdy>Threat Model>requestLiquidity
GeneralOverview
Findings
Low (1)
Informational (1)
DiscussionInefficient loop operations in DebtManagerCentralization risks
Threat ModelWhat are threat models?
DebtManager.soladdLendermanualAllocationremoveLenderrequestLiquiditysetAprOraclesetPairToLendersetWhitelistedGatewaysetZKVerifiersortLendersWithAPRzkAllocation
SiloGateway.sol
Audit ResultsSummary

Function: requestLiquidity(uint256 _amount, address _pair)

This processes the just-in-time liquidity.

Inputs

  • _amount

    • Control: Full.

    • Constraints: N/A.

    • Impact: The required liquidity amount.

  • _pair

    • Control: Full.

    • Constraints: Only whitelisted gateways can request liquidity in case of borrow.

    • Impact: The silo address.

Branches and code coverage (including function calls)

Intended branches

  • User successfully triggers requestLiquidity for just in-time liquidity.

Negative behavior

  • Function reverts if caller is not whitelisted.

  • FUnction reverts if there is no mapping between silo and strategy

  • Function reverts if the sum of requestingLenderData.current_debt and _amount is not less than requestingLenderData.max_debt - 1.

  • Function reverts if the sum of requestingLenderData.current_debt and _amount is not less than the total assets of the aggregator (aggregator.totalAssets()).

  • Function reverts if requiredAmount is not equal to zero at the end of the process of withdrawal from other lenders to fill the required amount.

Function call analysis

  • rootFunction -> aggregator.strategies(address)

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> aggregator.totalAssets()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> aggregator.totalIdle()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> aggregator.minimum_total_idle()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> aggregator.assess_share_of_unrealised_losses(address, uint256)

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> aggregator.process_report(address)

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> aggregator.update_debt(address, uint256)

    • What is controllable? _amount in requestingLenderData.current_debt + _amount, which is the target_debt.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

Zellic © 2025Back to top ↑