Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Wasabi>Threat Models>burnOption
GeneralOverview
Findings
High (4)
Medium (3)
DiscussionAbstractWasabiPool should use upgradable variants of OpenZeppelin contractsPut options operate on entire collectionsPools require well-behaved NFTs
Threat ModelsWhat are threat models?AbstractWasabiPool.solWasabiOption
WasabiPoolFactory.solburnOptioncreateERC20PoolcreatePool
Audit ResultsSummary

Function: burnOption(uint256 _optionId)

A registered pool can burn an option.

Inputs

  • _optionId

    • Control: User has full control over this input.

    • Constraints: Any optionID can be passed in.

    • Impact: Any option can be burned.

Branches and code coverage (including function calls)

Intended branches

Negative behavior

Function call analysis

  • burnOption -> options.burn(_optionId)

    • What is controllable? The optionID given the msg.sender is a valid pool.

    • If return value controllable, how is it used and how can it go wrong? No return value.

    • What happens if it reverts, reenters, or does other unusual control flow? Reentrancy is not an issue as this function is only permissible by a valid pool address. Option not burned under revert scenario and no unusual control flow because the option contract does not implement the virtual function _beforeTokenTransfer.

Zellic © 2024Back to top ↑