Assessment reports>WOOFi Swap>Threat Model>_handleNativeReceived

Function: _handleNativeReceived(uint256 refId, address to, address toToken, uint256 bridgedAmount, uint256 minToAmount, Dst1inch dst1inch)

Handles the receipt of native via StarGate.

Inputs

  • refId

    • Control: Fully controlled by calling function.

    • Constraints: None.

    • Impact: The reference ID of the transaction.

  • to

    • Control: Fully controlled by calling function.

    • Constraints: None.

    • Impact: The address to send the bridged tokens to.

  • toToken

    • Control: Fully controlled by calling function.

    • Constraints: Checked whether it is the ETH_PLACEHOLDER_ADDR.

    • Impact: The token to send to the to address.

  • bridgedAmount

    • Control: Fully controlled by calling function.

    • Constraints: None. Assumed to be correctly forwarded by StarGate.

    • Impact: The amount of the bridged token.

  • minToAmount

    • Control: Fully controlled by calling function.

    • Constraints: None. Assumed that checks are performed in the wooRouter.

    • Impact: The minimum amount of the toToken to receive.

  • dst1inch

    • Control: Fully controlled by calling function.

    • Constraints: None. Checked that it is not address(0).

    • Impact: The 1inch router to use for the swap.

Branches and code coverage

Intended branches

  • Check that realToAmount is greater than minToAmount. Currently not checked.

  • If the toToken is ETH_PLACEHOLDER_ADDR, directly transfer the bridged amount as the native token, then return to exit early.

  • If the toToken is not ETH_PLACEHOLDER_ADDR, wrap it as WETH, then swap it to the toToken if required.

  • If the toToken is not ETH_PLACEHOLDER_ADDR, and either of the swaps did not succeed, transfer the bridged amount as WETH to the to address.

  • Ensure that adequate approvals are performed before calling the swap functions.

  • Ensure that approvals are removed after the swap is performed.

Negative behavior

  • The source address of the cross-chain transaction should be a WooCrossChainRouter on the source chain; this is currently not enforced at any level.

  • Caller should be the StarGate router. This is enforced at calling function level.

Zellic © 2024Back to top ↑