Assessment reports
Public findings
Back to Zellic site
↗
Assessment reports
>
WOOFI Stake
>
Threat Model
>
unstakeAll
General
Overview
Findings
Critical (1)
Medium (2)
Low (1)
Discussion
Instant withdraw cap can be bypassed
Similarities to ERC-4626 first-deposit issue
Slippage check not performed during compoundReward function
Threat Model
What are threat models?
BaseStrategy.sol
StrategyAave.sol
VaultV2.sol
WooLendingManager.sol
WooStakingCompounder.sol
WooStakingController.sol
WooStakingLocal.sol
compoundAll
compoundMP
emergencyUnstake
inCaseTokenGotStuck
setAutoCompound
stake
unstake
unstakeAll
WooStakingManager.sol
WooStakingProxy.sol
WooSuperChargerVaultV2.sol
WooWithdrawManagerV2.sol
Audit Results
Assessment Results
Function:
unstakeAll()
This is a utility function to unstake the entire balance for the caller.
Zellic © 2024
Back to top ↑