Assessment reportsPublic findings
Back to Zellic site
Assessment reports>TruFin Injective Staker>Threat Model>Message: ExecuteMsg::Stake
GeneralOverview
Findings
Medium (1)
Informational (1)
Threat ModelWhat are threat models?
Injective-staker-contractMessage: ExecuteMsg::AddAgentMessage: ExecuteMsg::AddUserToBlacklistMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::AddValidatorMessage: ExecuteMsg::AllocateMessage: ExecuteMsg::ClaimOwnershipMessage: ExecuteMsg::ClaimMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::CompoundRewardsMessage: ExecuteMsg::DeallocateMessage: ExecuteMsg::DisableValidatorMessage: ExecuteMsg::DistributeAllMessage: ExecuteMsg::SetDistributionFeeMessage: ExecuteMsg::DistributeRewardsMessage: ExecuteMsg::EnableValidatorMessage: ExecuteMsg::PauseMessage: ExecuteMsg::SetPendingOwnerMessage: ExecuteMsg::RemoveAgentMessage: ExecuteMsg::SetDefaultValidatorMessage: ExecuteMsg::SetFeeMessage: ExecuteMsg::SetMinimumDepositMessage: ExecuteMsg::SetTreasuryMessage: ExecuteMsg::StakeToSpecificValidatorMessage: ExecuteMsg::StakeMessage: ExecuteMsg::UnpauseMessage: ExecuteMsg::UnstakeFromSpecificValidatorMessage: ExecuteMsg::Unstake
Audit ResultsAssessment Results

Message: ExecuteMsg::Stake

This allows whitelisted users to stake their INJ on the default validator.

Inputs

  • info.sender

    • Validation: The stake function verifies that the info.sender is a whitelisted address.

    • Impact: This is the address that recieves TruINJ.

  • info.funds

    • Validation: The internal_stake function verifies that exactly one coin (INJ) was sent.

    • Impact: The amount of assets to stake.

Branches and code coverage (including function calls)

Intended branches

  • Calculates the exchange rate as per the total INJ staked, calculates the rewards and the contract rewards available, and mints shares to the user based on that exchange rate.

  • The rewards from the validator are increased in the CONTRACT_REWARDS storage to be used later.

  • The treasury is minted some fee (TruINJ) as a percentage of the validator rewards.

Negative behavior

  • The transaction should revert if the caller is not whitelisted.

  • The transaction should revert if the contract is paused.

  • The transaction should revert if the amount of INJ staked is less than the min_deposit.

Zellic © 2025Back to top ↑