Assessment reportsPublic findings
Back to Zellic site
Assessment reports>WOOFI Stake>Threat Model>unstake
GeneralOverview
Findings
Critical (1)
Medium (2)
Low (1)
DiscussionInstant withdraw cap can be bypassedSimilarities to ERC-4626 first-deposit issueSlippage check not performed during compoundReward function
Threat ModelWhat are threat models?BaseStrategy.solStrategyAave.solVaultV2.solWooLendingManager.solWooStakingCompounder.solWooStakingController.sol
WooStakingLocal.solcompoundAllcompoundMPemergencyUnstakeinCaseTokenGotStucksetAutoCompoundstakeunstakeunstakeAll
WooStakingManager.solWooStakingProxy.solWooSuperChargerVaultV2.solWooWithdrawManagerV2.sol
Audit ResultsAssessment Results

Function: unstake(uint256 _amount)

This unstakes some amount on behalf of the sender.

Inputs

  • _amount

    • Control: Fully controlled by the caller.

    • Constraints: Cannot exceed the caller's staked balance.

    • Impact: The amount to unstake.

Zellic © 2025Back to top ↑