
Function: _bridgeWithHop(address _receiver, address _token, uint256 _amount, uint16 _srcChainId, uint256 maxSlippage, uint256 bonderFee)

This function bridges tokens with Hop.

Inputs

  • _receiver

    • Constraints: No constraints.

    • Impact: The address to receive the bridged tokens.

  • _token

    • Constraints: No constraints.

    • Impact: The address of the token to bridge.

  • _amount

    • Constraints: No constraints.

    • Impact: The amount of the token to bridge.

  • _srcChainId

    • Constraints: No constraints.

    • Impact: The ID of the chain the token is being bridged from.

  • maxSlippage

    • Constraints: Should be less than or equal to 10,000.

    • Impact: The max slippage allowed for the bridge; an input of 100 would be 1% slippage.

  • bonderFee

    • Constraints: No constraints.

    • Impact: The fee to pay the bonder.

Branches and code coverage (including function calls)

Intended branches

  • The function calculates amountOutMin correctly based on maxSlippage.

  • The function approves the bridgeAddress to spend _amount of _token.

  • The function call to HopBridge succeeds without reverting.

Negative behavior

  • The function reverts if bridgeAddress is address(0).

  • The function reverts if the approval for bridgeAddress fails.

  • The function reverts if maxSlippage is greater than 10,000.

  • The function reverts if the external call to HopBridge reverts.

Function call analysis

  • ERC20(_token).safeApprove(bridgeAddress, _amount)

    • What is controllable? _token and _amount.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails; no reentrancy issues.

  • IHopBridge(bridgeAddress).swapAndSend(_srcChainId, _receiver, _amount, bonderFee, amountOutMin, deadline, (amountOutMin * 998) / 1000, deadline)

    • What is controllable? _srcChainId, _receiver, _amount, bonderFee, and amountOutMin.

    • If return value controllable, how is it used and how can it go wrong? The return value is not controlled, but its impact is significant as it bridges the tokens; incorrect values could lead to incorrect token transfers.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails; no reentrancy issues.
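
The slippage branches listed above (amountOutMin derived from maxSlippage, revert above 10,000, destination minimum of (amountOutMin * 998) / 1000) can be pinned down with boundary checks. The following is an added example, not code from the audited contract: the amountOutMin formula, the library, the error, and all function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.18;

// Added illustration, not Y2K Finance code. From the report: the 10,000 cap,
// "100 = 1%", and the (amountOutMin * 998) / 1000 destination minimum.
// Assumed: the amountOutMin formula and every name in this file.
library HopSlippageExample {
    uint256 internal constant BPS = 10_000;

    error InvalidSlippage(uint256 maxSlippage);

    function minAmounts(uint256 amount, uint256 maxSlippage)
        internal
        pure
        returns (uint256 amountOutMin, uint256 destAmountOutMin)
    {
        // Without this check, BPS - maxSlippage underflows and reverts with a
        // generic panic in 0.8.x; an explicit error is easier to test for.
        if (maxSlippage > BPS) revert InvalidSlippage(maxSlippage);
        amountOutMin = (amount * (BPS - maxSlippage)) / BPS; // rounds down
        destAmountOutMin = (amountOutMin * 998) / 1000; // as in the report's call
    }
}

contract HopSlippageChecks {
    function quote(uint256 amount, uint256 maxSlippage)
        external
        pure
        returns (uint256, uint256)
    {
        return HopSlippageExample.minAmounts(amount, maxSlippage);
    }

    function checkIntended() external pure {
        (uint256 a, uint256 d) = HopSlippageExample.minAmounts(1_000_000, 100);
        assert(a == 990_000 && d == 988_020); // 1% slippage
        (a, d) = HopSlippageExample.minAmounts(99, 100);
        assert(a == 98 && d == 97); // integer division rounds both minimums down
        (a, d) = HopSlippageExample.minAmounts(1_000_000, 10_000);
        assert(a == 0 && d == 0); // the cap itself is accepted and sets no floor
    }

    function checkNegative() external view returns (bool reverted) {
        try this.quote(1_000_000, 10_001) {
            return false;
        } catch {
            return true; // maxSlippage above 10,000 must revert
        }
    }
}
```

Under the assumed formula, a maxSlippage of exactly 10,000 passes the constraint and yields minimums of zero, so a test suite should cover that boundary as well as the value just above it.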

Zellic © 2025