Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>SyncSwap>Threat Models>withdrawETH

GeneralOverview

Findings

DiscussionClassic pool Stable pool Attack surface evaluation

Threat ModelsWhat are threat models?

SyncSwapVault.sol deposit depositETH transfer transferAndDeposit withdraw withdrawAlternative withdrawETH

VaultFlashLoans.sol

Audit ResultsSummary

Function: `withdrawETH(address to, uint256 amount)`

Allows to withdraw ETH from the vault.

Inputs

to
- Control: Arbitrary.
- Constraints: None.
- Impact: Determines the recipient of the transfer.
amount
- Control: Arbitrary.
- Constraints: amount <= balances[NATIVE_ETH][msg.sender].
- Impact: Determines the amount to be transferred.

Branches and code coverage (including function calls)

Intended branches

Transfers the requested amount of ETH.

Test coverage

Negative behavior

Reverts if msg.sender balance is insufficient.

Negative test

Function call analysis

rootFunction -> TransferHelper.safeTransferETH(to, amount)
- What is controllable? to, amount.
- If return value controllable, how is it used and how can it go wrong? The return value of the internal call must be bool(true) or the transaction is reverted.
- What happens if it reverts, reenters, or does other unusual control flow? Reverts are bubbled up; reentrancy is prevented via the nonReentrant modifier.

Zellic © 2024Back to top ↑