Zellic - Audit Reports

Assessment reports Public findings

Back to Zellic site

Assessment reports>TruFin Injective Staker>Threat Model>Message: ExecuteMsg::Claim

GeneralOverview

Findings

Informational (1)

Threat ModelWhat are threat models?

Injective-staker-contract Message: ExecuteMsg::AddAgent Message: ExecuteMsg::AddUserToBlacklist Message: ExecuteMsg::AddUserToWhitelist Message: ExecuteMsg::AddValidator Message: ExecuteMsg::Allocate Message: ExecuteMsg::ClaimOwnership Message: ExecuteMsg::Claim Message: ExecuteMsg::AddUserToWhitelist Message: ExecuteMsg::CompoundRewards Message: ExecuteMsg::Deallocate Message: ExecuteMsg::DisableValidator Message: ExecuteMsg::DistributeAll Message: ExecuteMsg::SetDistributionFee Message: ExecuteMsg::DistributeRewards Message: ExecuteMsg::EnableValidator Message: ExecuteMsg::Pause Message: ExecuteMsg::SetPendingOwner Message: ExecuteMsg::RemoveAgent Message: ExecuteMsg::SetDefaultValidator Message: ExecuteMsg::SetFee Message: ExecuteMsg::SetMinimumDeposit Message: ExecuteMsg::SetTreasury Message: ExecuteMsg::StakeToSpecificValidator Message: ExecuteMsg::Stake Message: ExecuteMsg::Unpause Message: ExecuteMsg::UnstakeFromSpecificValidator Message: ExecuteMsg::Unstake

Audit ResultsAssessment Results

Message: `ExecuteMsg::Claim`

This allows a user to withdraw all their expired claims.

Inputs

info.sender
- Validation: The claim function verifies that the info.sender is a whitelisted address.
- Impact: The user that withdraws their claims.

Branches and code coverage (including function calls)

Intended branches

If the amount of claimed assets is greater than zero and the contract has the rewards available, then it transfers the assets to the user.
Test coverage

Negative behavior

Revert if there is nothing to claim.
Negative test
Revert if the contract does not have a sufficient amount to transfer to the user.
Negative test

Zellic © 2025Back to top ↑