
Function: _handleERC20Received(uint256 refId, address to, address toToken, address bridgedToken, uint256 bridgedAmount, uint256 minToAmount, Dst1inch dst1inch)

Handles received ERC-20 tokens via StarGate.

Inputs

  • refId

    • Control: Fully controlled by calling function.

    • Constraints: None.

    • Impact: The reference ID of the transaction.

  • to

    • Control: Fully controlled by calling function.

    • Constraints: None.

    • Impact: The address to send the bridged tokens to.

  • toToken

    • Control: Fully controlled by calling function.

    • Constraints: Checked whether it is the bridgedToken.

    • Impact: The token to send to the to address.

  • bridgedToken

    • Control: Fully controlled by calling function.

    • Constraints: Checked whether it is the toToken.

    • Impact: The token that was bridged.

  • bridgedAmount

    • Control: Fully controlled by calling function.

    • Constraints: None. Assumed to be correctly forwarded by StarGate.

    • Impact: The amount of the bridged token.

  • minToAmount

    • Control: Fully controlled by calling function.

    • Constraints: None. Assumed that checks are performed in the wooRouter.

    • Impact: The minimum amount of the toToken to receive.

  • dst1inch

    • Control: Fully controlled by calling function.

    • Constraints: None. Checked that it is not address(0).

    • Impact: The 1inch router to use for the swap.

Branches and code coverage

Intended branches

  • Check that realToAmount is greater than minToAmount. Currently not checked.

  • If toToken is the same as bridgedToken, transfer the bridged amount to the to address.

  • If toToken is not the same as bridgedToken, swap the bridged token to the toToken, specifying the to address as the recipient.

  • If either of the swaps did not succeed, transfer the bridged amount of tokens directly to the to address.

  • Ensure that adequate approvals are performed before calling the swap functions.

  • Ensure that approvals are removed after the swap is performed.
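
The intended branches above, sketched as an added Solidity example; this is not code from the audited contract or from the report. IExampleRouter, ExampleReceiver, the reduced parameter list (refId and dst1inch are omitted), and the use of >= for the minimum-amount check are assumptions, and the sketch assumes tokens whose transfer and approve return a bool.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal interfaces for the sketch. IExampleRouter is hypothetical and is
// not the WooRouter or 1inch API.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

interface IExampleRouter {
    function swap(address fromToken, address toToken, uint256 fromAmount,
                  uint256 minToAmount, address to) external returns (uint256);
}

abstract contract ExampleReceiver {
    IExampleRouter internal immutable router; // assumed trusted, set at deploy

    constructor(IExampleRouter router_) { router = router_; }

    function _handleERC20Received(address to, address toToken, address bridgedToken,
                                  uint256 bridgedAmount, uint256 minToAmount) internal {
        IERC20 bridged = IERC20(bridgedToken);
        if (toToken == bridgedToken) {
            // Same token on both sides: forward the bridged amount unchanged.
            require(bridged.transfer(to, bridgedAmount), "transfer failed");
            return;
        }
        // Approve exactly the bridged amount, only for the duration of the swap.
        require(bridged.approve(address(router), bridgedAmount), "approve failed");
        try router.swap(bridgedToken, toToken, bridgedAmount, minToAmount, to)
            returns (uint256 realToAmount)
        {
            // Re-check the output here instead of trusting the router. This revert
            // is not caught by the catch block and rolls back the swap as well.
            require(realToAmount >= minToAmount, "realToAmount < minToAmount");
        } catch {
            // Swap reverted: hand the recipient the bridged token instead.
            require(bridged.transfer(to, bridgedAmount), "fallback transfer failed");
        }
        // Remove the allowance on both paths so no approval outlives the call.
        require(bridged.approve(address(router), 0), "approval reset failed");
    }
}
```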

Negative behavior

  • The source address of the cross-chain transaction should be a WooCrossChainRouter on the source chain; this is currently not enforced at any level.

  • Caller should be the StarGate router. This is enforced at calling function level.

Zellic © 2024