Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>WOOFi Swap>Threat Model>_swapBaseToBase
GeneralOverview
Findings
High (2)
Medium (3)
Low (2)
Informational (2)
DiscussionFunction `skimMulTokens` does not workThrowing Panic is not recommendedThe WooPPV2 contract doesn't need to be an admin
Threat ModelWhat are threat models?WooCrossChainRouterV4.sol
WooPPV2.sol_sellBase_sellQuote_swapBaseToBaseclaimFeedepositinCaseTokenGotStuckmigrateToNewPool
WooRouterV2.sol
Audit ResultsSummary

Function: _swapBaseToBase(address baseToken1, address baseToken2, uint256 base1Amount, uint256 minBase2Amount, address to, address rebateTo)

Allows swapping between two base tokens.

Inputs

  • baseToken1

    • Control: Controlled by calling function.

    • Constraints: Checked to be different than zero and quoteToken.

    • Impact: The base token to swap from.

  • baseToken2

    • Control: Controlled by calling function.

    • Constraints: Checked to be different than zero and quoteToken.

    • Impact: The base token to swap to.

  • base1Amount

    • Control: Controlled by calling function.

    • Constraints: Checks that current balance is above that minus reserve.

    • Impact: The amount of baseToken1 to swap.

  • minBase2Amount

    • Control: Controlled by calling function.

    • Constraints: Checked to be above the amount of baseToken2 that has to be received.

    • Impact: The minimum amount of baseToken2 to receive.

  • to

    • Control: Controlled by calling function.

    • Constraints: Checked to be different than zero.

    • Impact: The address to send the swapped baseToken2 to.

  • rebateTo

    • Control: Controlled by calling function.

    • Constraints: None.

    • Impact: The address to send the rebate to.

Branches and code coverage

Intended branches

  • Ensure that the spread changes after each of the swaps. Currently not enforced.

  • Ensure that baseToken1 is not zero or the quoteToken.

  • Ensure that baseToken2 is not zero or the quoteToken.

  • Ensure that to is not zero.

  • Ensure that the current balance minus the reserve is above base1Amount (i.e., that tokens have been transferred beforehand).

  • Should post the new price of baseToken1 after the first swap on the wooOracle.

  • Should calculate the swap fee and account for it in the unclaimedFee.

  • Update the reserves of the quote and base tokens.

  • Should post the new price of the baseToken2 after the second swap on the wooOracle.

  • Should transfer the resulting base2Amount worth of baseToken2 to the to address.

Negative behavior

  • Should not be callable when the contract is paused.

  • Should not re-enter.

  • Should not allow swapping between the same tokens.

  • Should not allow performing the swap if no tokens have been transferred beforehand. Ensured in the require on balance check.

  • Should not allow a swap if minBase2Amount is not met.

Zellic © 2025Back to top ↑