Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Takara Lend Contracts>Threat Model>Components: TErc20Delegator, TErc20, and TToken
GeneralOverview
Findings
Critical (1)
High (2)
Medium (1)
Low (4)
Informational (3)
DiscussionMisleadingly named liquidatable global flagUnused added constants in TTokenStoragePotential revert griefing in the liquidation flow
Threat ModelComponent: ComptrollerComponent: ErrorReporterComponents: TErc20Delegator, TErc20, and TTokenComponent: JumpRateModelComponent: RateComponent: Oracle contractsComponent: Utility contracts
Audit ResultsAssessment Results

Components: TErc20Delegator, TErc20, and TToken

Description

The TErc20 contract implements the market, including minting and borrowing, for an ERC-20 token as the underlying asset. It depends on the abstract TToken contract and serves as an implementation contract for the TErc20Delegator contract to delegate to.

Modifications

  • In the TErc20 contract, the sweepToken function was changed, likely unintentionally. See Finding ref.

  • The interest-rate calculation, including the variables borrowRatePerTimestamp and supplyRatePerTimestamp, were changed to be accounted per block, instead of per second.

  • A receive handler was added to the TErc20Delegator contract that allows zero-value empty calldata calls.

The following modifications were all made to the TToken contract:

  • Checks were added to transfer and transferFrom to not allow anyone but the admin to transfer tokens to the token address itself.

  • A call was added to the new Comptroller.enterAllMarkets function in order to enter all of the markets on behalf of anyone who mints tokens.

  • Removes the feature where a redemption of type(uint256).max tokens automatically selects the maximum amount of redeemable tokens to redeem, in order to simplify the redemption math.

Test coverage

No tests.

Attack surface

The attack surface is unchanged from the upstream implementation.

Zellic © 2025Back to top ↑