Assessment reportsPublic findings
Back to Zellic site
Assessment reports>TruFin Injective Staker>Threat Model>Message: ExecuteMsg::RemoveAgent
GeneralOverview
Findings
Medium (1)
Informational (1)
Threat ModelWhat are threat models?
Injective-staker-contractMessage: ExecuteMsg::AddAgentMessage: ExecuteMsg::AddUserToBlacklistMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::AddValidatorMessage: ExecuteMsg::AllocateMessage: ExecuteMsg::ClaimOwnershipMessage: ExecuteMsg::ClaimMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::CompoundRewardsMessage: ExecuteMsg::DeallocateMessage: ExecuteMsg::DisableValidatorMessage: ExecuteMsg::DistributeAllMessage: ExecuteMsg::SetDistributionFeeMessage: ExecuteMsg::DistributeRewardsMessage: ExecuteMsg::EnableValidatorMessage: ExecuteMsg::PauseMessage: ExecuteMsg::SetPendingOwnerMessage: ExecuteMsg::RemoveAgentMessage: ExecuteMsg::SetDefaultValidatorMessage: ExecuteMsg::SetFeeMessage: ExecuteMsg::SetMinimumDepositMessage: ExecuteMsg::SetTreasuryMessage: ExecuteMsg::StakeToSpecificValidatorMessage: ExecuteMsg::StakeMessage: ExecuteMsg::UnpauseMessage: ExecuteMsg::UnstakeFromSpecificValidatorMessage: ExecuteMsg::Unstake
Audit ResultsAssessment Results

Message: ExecuteMsg::RemoveAgent

This removes an agent from the whitelist.

Inputs

  • info.sender

    • Validation: The remove_agent function verifies that the info.sender is an existing agent.

    • Impact: Ensures only authorized agents can initiate the removal of other agents from the whitelist.

  • agent_to_remove

    • Validation: The agent_to_remove address is validated using deps.api.addr_validate. Additionally, the address must not belong to the owner and must already exist in the whitelist.

    • Impact: Specifies the agent to be removed, affecting the whitelist state.

Branches and code coverage (including function calls)

Intended branches

  • If the agent_to_remove address is valid, not the owner, and exists in the whitelist, it is removed.

Negative behavior

  • Fail if the info.sender is not an agent.

  • Fail if the agent_to_remove address is invalid.

  • Fail if the agent_to_remove address belongs to the owner.

  • Fail if the agent_to_remove address is not in the whitelist.

Zellic © 2025Back to top ↑