Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Tradoor>Threat Model>Message: ListToken
GeneralOverview
Findings
High (1)
Medium (1)
Low (1)
Informational (4)
DiscussionTest suiteUnused isPending flag on perpetual ordersLimited contract storage enables denial-of-service attacks
Threat ModelWhat are threat models?
1-usdt_pool.tactMessage: ListTokenMessage: CancelPerpOrderMessage: ExecutePerpOrderMessage: LiquidatePerpPositionMessage: ADLPerpPositionMessage: UpdateBaseConfigMessage: SetManagerMessage: JettonUpdateContentMessage: DelistTokenMessage: ClaimProtocolFeeMessage: FeedPricesMessages: CreateCompensate and ExecuteOrCancelCompensateMessage: JettonTransferNotificationMessage: CancelLiquidityOrderMessage: ExecuteLiquidityOrderMessage: CreateDecreasePerpOrderMessage: CreateTpSlPerpOrder
2-ton_pool.tact
Audit ResultsAssessment Results

Message: ListToken

This message allows to list a new token or edit the configuration of an existing asset, setting parameters including the token name, whether the asset is enabled, the maximum leverage, liquidation, and trading fees.

The message is only accepted if sent by the pool manager.

Inputs

The incoming message has the following structure:

message ListToken { tokenId: Int as uint16; config: TokenConfig; }

  • tokenId

    • Validation: None.

    • Impact: Unique ID identifying the token to be added or edited.

  • config

    • Validation: None.

    • Impact: Specifies several configuration parameters of the given token.

The config allows to specify the following parameters:

struct TokenConfig { name: String; enable: Bool; // ==================== Trader Position Config ==================== maxLeverage: Int as uint16; liquidationFee: Int as coins; maintenanceRate: Int as uint32; // ==================== Trading Fee Config ==================== tradingFeeRate: Int as uint32; lpTradingFeeRate: Int as uint32; }

  • name: Name of the asset.

  • enable: Specifies whether the asset is enabled — perpetual positions for disabled assets cannot be increased, decreased, or liquidated.

  • maxLeverage: Maximum leverage allowed for perpetual positions in this specific asset.

  • liquidationFee: Flat USDT liquidation fee taken from the owner of an unhealthy position when liquidated.

  • maintenanceRate: Percentage rate required for perpetual positions to be considered healthy.

  • tradingFeeRate: Fee charged to the user when entering or exiting a position. The rate is a percentage of the total position size.

  • lpTradingFeeRate: Percentage of the trading fees distributed to the liquidity providers — the rest of the trading fees are taken by the pool owner.

Test coverage

The basic logic of the message handler is executed by the test-harness setup. However, the function is not individually tested. The test suite also does not contain any negative tests, including for instance a check that ensures only authorized senders are allowed.

Intended branches

Negative behavior

Zellic © 2025Back to top ↑