Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>WOOFi Swap>Threat Model>externalSwap
GeneralOverview
Findings
High (2)
Medium (3)
Low (2)
Informational (2)
DiscussionFunction `skimMulTokens` does not workThrowing Panic is not recommendedThe WooPPV2 contract doesn't need to be an admin
Threat ModelWhat are threat models?WooCrossChainRouterV4.solWooPPV2.sol
WooRouterV2.solexternalSwapreceiveswap
Audit ResultsSummary

Function: externalSwap(address approveTarget, address swapTarget, address fromToken, address toToken, uint256 fromAmount, uint256 minToAmount, address payable to, bytes data)

Performs a swap between two tokens using external (i.e., not WOOFI) swapTarget.

Inputs

  • approveTarget

    • Control: Fully controlled by the caller.

    • Constraints: Has to be whitelisted.

    • Impact: The address to approve tokens for.

  • swapTarget

    • Control: Fully controlled by the caller.

    • Constraints: Has to be whitelisted.

    • Impact: The address that swaps the tokens.

  • fromToken

    • Control: Fully controlled by the caller.

    • Constraints: msg.sender needs to have enough balance.

    • Impact: The token to swap from.

  • toToken

    • Control: Fully controlled by the caller.

    • Constraints: address(this) needs to have enough balance.

    • Impact: The token to swap to.

  • fromAmount

    • Control: Fully controlled by the caller.

    • Constraints: msg.sender needs to have enough balance of fromToken.

    • Impact: The amount of fromToken to swap.

  • minToAmount

    • Control: Fully controlled by the caller.

    • Constraints: Checked that the returned toTokens are greater than or equal to this value.

    • Impact: The minimum amount of toToken to receive.

  • to

    • Control: Fully controlled by the caller.

    • Constraints: None. Checked that it is not the zero address.

    • Impact: The destination address to send the swapped tokens to.

  • data

    • Control: Fully controlled by the caller.

    • Constraints: None.

    • Impact: The data to pass to the swapTarget.

Branches and code coverage

Intended branches

  • Ensure that approveTarget is not the zero address.

  • Ensure that swapTarget is not the zero address.

  • Ensure that fromToken is not the zero address.

  • Ensure that toToken is not the zero address.

  • Ensure that to is not the zero address.

  • Ensure that approveTarget is whitelisted.

  • Ensure that swapTarget is whitelisted.

  • If fromToken is not ETH, transfer fromAmount from the msg.sender and approve it to approveTarget.

  • Call swapTarget with the provided data that facilitates the swap.

  • Ensure the swap call was successful.

  • Assure that the post balance of toToken is greater than or equal to the pre balance.

  • Ensure that the realToAmount is greater than or equal to the minToAmount and greater than zero.

  • Forward the recently swapped tokens to the to address.

Negative behavior

  • Should not reenter.

Zellic © 2025Back to top ↑