Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Sturdy>Threat Model>borrowAsset
GeneralOverview
Findings
Low (1)
Informational (1)
DiscussionInefficient loop operations in DebtManagerCentralization risks
Threat ModelWhat are threat models?DebtManager.sol
SiloGateway.solborrowAssetsetUtilizationLimit
Audit ResultsSummary

Function: borrowAsset(address _silo, uint256 _borrowAmount, uint256 _collateralAmount, address _collateralAsset, address _receiver)

This borrows asset from _silo.

Inputs

  • _silo

    • Control: Full.

    • Constraints: Needs to be a valid _silo address.

    • Impact: The _silo address.

  • _borrowAmount

    • Control: Full.

    • Constraints: N/A.

    • Impact: The borrowing amount.

  • _collateralAmount

    • Control: Full.

    • Constraints: N/A (delegated to silo).

    • Impact: The collateral amount.

  • _collateralAsset

    • Control: Full.

    • Constraints: Needs to be the same as the silo's asset (not enforced by gateway).

    • Impact: The collateral asset address.

  • _receiver

    • Control: Full.

    • Constraints: Needs to be a valid address.

    • Impact: The receiver address of borrowing asset.

Branches and code coverage (including function calls)

Intended branches

  • User successfully borrows asset from _silo with _collateralAmount being greater than zero.

  • User successfully borrows asset from _silo with _collateralAmount being equal to zero.

  • User successfully borrows asset from _silo with _borrowAmount being equal to zero.

Negative behavior

  • Function reverts when _silo is not a valid address.

  • Function reverts when _collateralAsset is not the same as the silo's asset.

  • Function reverts when _receiver is not a valid address.

  • Function reverts when totalAsset amounts to zero.

Function call analysis

  • rootFunction -> ISilo(address).totalAsset()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? It can go wrong by amounting to be zero.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> ISilo(address).totalBorrow()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> ISilo(address).asset()

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? It can go wrong by not being equal to address(asset).

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> manager.getLenderFromPair(address)

    • What is controllable? _silo address.

    • If return value controllable, how is it used and how can it go wrong? It can go wrong by being equal to address(0).

    • What happens if it reverts, reenters, or does other unusual control flow?: N/A.

  • rootFunction -> manager.requestLiquidity(uint256, address)

    • What is controllable? _silo address.

    • If return value controllable, how is it used and how can it go wrong? The entire borrowAsset transaction will revert.

    • What happens if it reverts, reenters, or does other unusual control flow? N/A.

  • rootFunction -> ISilo(address).borrowAsset(uint256, uint256, address)

    • What is controllable? _silo address, _borrowAmount, _collateralAmount, and _receiver.

    • If return value controllable, how is it used and how can it go wrong? It can go wrong if _collateralAsset is not the same as the silo's asset.

    • What happens if it reverts, reenters, or does other unusual control flow? The entire borrowAsset transaction will revert.

Zellic © 2025Back to top ↑