Assessment reportsPublic findings
Back to Zellic site
Assessment reports>TruFin Injective Staker>Threat Model>Message: ExecuteMsg::Unstake
GeneralOverview
Findings
Medium (1)
Informational (1)
Threat ModelWhat are threat models?
Injective-staker-contractMessage: ExecuteMsg::AddAgentMessage: ExecuteMsg::AddUserToBlacklistMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::AddValidatorMessage: ExecuteMsg::AllocateMessage: ExecuteMsg::ClaimOwnershipMessage: ExecuteMsg::ClaimMessage: ExecuteMsg::AddUserToWhitelistMessage: ExecuteMsg::CompoundRewardsMessage: ExecuteMsg::DeallocateMessage: ExecuteMsg::DisableValidatorMessage: ExecuteMsg::DistributeAllMessage: ExecuteMsg::SetDistributionFeeMessage: ExecuteMsg::DistributeRewardsMessage: ExecuteMsg::EnableValidatorMessage: ExecuteMsg::PauseMessage: ExecuteMsg::SetPendingOwnerMessage: ExecuteMsg::RemoveAgentMessage: ExecuteMsg::SetDefaultValidatorMessage: ExecuteMsg::SetFeeMessage: ExecuteMsg::SetMinimumDepositMessage: ExecuteMsg::SetTreasuryMessage: ExecuteMsg::StakeToSpecificValidatorMessage: ExecuteMsg::StakeMessage: ExecuteMsg::UnpauseMessage: ExecuteMsg::UnstakeFromSpecificValidatorMessage: ExecuteMsg::Unstake
Audit ResultsAssessment Results

Message: ExecuteMsg::Unstake

This allows whitelisted users to unstake from the default validator.

Inputs

  • info.sender

    • Validation: The stake function verifies that the info.sender is a whitelisted address.

    • Impact: This is the address that unstakes the TruINJ and could claim the INJ.

  • amount

    • Validation: The internal_unstake function verifies that the value is greater than zero and less than the maximum assets that the user could withdraw.

    • Impact: The amount of assets to unstake.

Branches and code coverage (including function calls)

Intended branches

  • Calculates the exchange rate as per the total INJ staked, calculates the rewards and the contract rewards available, and creates a claim based on that exchange rate.

  • If the assets to unstake are greater than the validator's total staked assets, then the excess assets are taken from the CONTRACT_REWARDS, which is then updated.

  • The treasury is minted some fee (TruINJ) as a percentage of the validator rewards.

Negative behavior

  • The transaction should revert if the caller is not whitelisted.

  • The transaction should revert if the contract is paused.

  • The transaction should revert if the amount value is greater than the maximum value of assets that the user could withdraw, or it should revert if the shares to burn for that user are zero.

Zellic © 2025Back to top ↑