Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Takara Lend Contracts>Threat Model>Component: Comptroller
GeneralOverview
Findings
Critical (1)
High (2)
Medium (1)
Low (4)
Informational (3)
DiscussionMisleadingly named liquidatable global flagUnused added constants in TTokenStoragePotential revert griefing in the liquidation flow
Threat ModelComponent: ComptrollerComponent: ErrorReporterComponents: TErc20Delegator, TErc20, and TTokenComponent: JumpRateModelComponent: RateComponent: Oracle contractsComponent: Utility contracts
Audit ResultsAssessment Results

Component: Comptroller

Description

The Comptroller contract is called by other components of the system to centrally implement restrictions and liquidity calculations. It also manages cross-liquidity, which is the automatic sharing of collateral, along with liquidatability, between all of a user's longs and shorts.

Modifications

  • An address blacklist was implemented, and blacklist checks were added to most of the operations. Blacklisted addresses cannot mint, redeem, borrow, or repay. The positions owned by blacklisted addresses should, as they accrue interest, eventually be liquidatable. However, Finding ref currently makes this impossible.

  • A borrow guardian and a redeem guardian were added. Both the pauseGuardian role and the admin role can separately pause borrowing and redeeming on specific TTokens.

  • An optional liquidator whitelist was added. When a flag on the Comptroller is enabled, the whitelist prevents nonwhitelisted liquidators from liquidating any positions.

  • The function enterAllMarkets that whitelisted markets can call was added, which causes a minter to be added to all of the nondeprecated markets managed by this Comptroller.

Test coverage

Cases covered

  • testBlakcList()

    • Return error in mint() if the minter is blacklisted.

    • Return error in redeem() if the redeemer is blacklisted.

    • Return error in borrow() if the borrower is blacklisted.

    • Successfully mint if the minter is not blacklisted.

  • testRedemptionPaused()

    • Successfully redeem if the redeem is not paused.

  • enterAllMarkets()

    • Enter all markets.

    • Revert if the sender is not a TToken contract.

  • testGlobalPaused()

    • Revert in mint() if mint is paused.

    • Revert in redeem() if redeem is paused.

    • Revert in borrow() if borrow is paused.

  • testProtocalProtectedAccount()

    • Revert in triggerLiquidation() if the caller is neither the admin nor pause guardian.

Cases not covered

  • No test for enterMarkets() if borrowGuardianPaused is true.

  • No test for redeem() if redeemAllowedInternal is true.

  • No test for enterAllMarkets() if borrowing is paused.

  • No test for the liquidation if the market is deprecated.

  • No test for the liquidation if liquidatable is enabled and the liquidator is whitelisted.

  • Incorrect test-result check if liquidatable is enabled and the liquidator is not whitelisted.

Attack surface

Blacklist or pause feature may be used to bypass the protocol's functionality.

Zellic © 2025Back to top ↑