Assessment reportsPublic findings
Back to Zellic site
Assessment reports>TruFin Injective Staker>Threat Model>Message: ExecuteMsg::CompoundRewards
GeneralOverview
Findings
Medium (1)
Informational (1)
Threat ModelWhat are threat models?
Injective-staker-contractMessage: ExecuteMsg::AddAgentMessage: ExecuteMsg::AddUserToBlacklistMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::AddValidatorMessage: ExecuteMsg::AllocateMessage: ExecuteMsg::ClaimOwnershipMessage: ExecuteMsg::ClaimMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::CompoundRewardsMessage: ExecuteMsg::DeallocateMessage: ExecuteMsg::DisableValidatorMessage: ExecuteMsg::DistributeAllMessage: ExecuteMsg::SetDistributionFeeMessage: ExecuteMsg::DistributeRewardsMessage: ExecuteMsg::EnableValidatorMessage: ExecuteMsg::PauseMessage: ExecuteMsg::SetPendingOwnerMessage: ExecuteMsg::RemoveAgentMessage: ExecuteMsg::SetDefaultValidatorMessage: ExecuteMsg::SetFeeMessage: ExecuteMsg::SetMinimumDepositMessage: ExecuteMsg::SetTreasuryMessage: ExecuteMsg::StakeToSpecificValidatorMessage: ExecuteMsg::StakeMessage: ExecuteMsg::UnpauseMessage: ExecuteMsg::UnstakeFromSpecificValidatorMessage: ExecuteMsg::Unstake
Audit ResultsAssessment Results

Message: ExecuteMsg::CompoundRewards

This restakes rewards from all validators and sweeps contract rewards back into the default validator while handling treasury fees.

Inputs

  • No explicit user inputs — the function operates based on the contract's internal state and validators.

Branches and code coverage (including function calls)

Intended branches

  • Successfully restake rewards and sweep contract rewards when rewards exist.

  • Calculate fees based on staker_info.fee and mint treasury shares if calculated fees are greater than zero.

Negative behavior

  • Return early if no rewards are available (total_rewards == 0).

Zellic © 2025Back to top ↑