Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Y2K Finance>Threat Model>_swapEth
GeneralOverview
Findings
Critical (1)
High (3)
Medium (4)
Low (5)
Informational (1)
DiscussionVariable naming suggestionDocumentation contains additional parameterThe function `_swapUniswapV2` can be rewrittenLayerZero configurationUse Non-blocking pattern instead of blocking pattern in lzReceiveUse reentrancy guards in deposit and withdraw functions
Threat ModelWhat are threat models?ERC4626.solHookAave.solHookAaveFixYield.solQueueContract.solStrategyVault.solSwapRouter.solbridgeController.sol
curve.sol_multiSwap_swap_swapEth_swapWithCurvezapInMulti
swapController.soluniswapV2.soluniswapV3.solvaultController.solzapDest.solzapFrom.sol
Audit ResultsSummary

Function: _swapEth(address fromToken, address toToken, address pool, uint256 i, uint256 j, uint256 fromAmount, uint256 toAmountMin)

This swaps on Curve with the logic for an ETH pool.

Inputs

  • fromToken

    • Constraints: No constraints.

    • Impact: The token being swapped from.

  • toToken

    • Constraints: No constraints.

    • Impact: The token being swapped to.

  • pool

    • Constraints: No constraints.

    • Impact: The Curve pool being swapped with.

  • i

    • Constraints: No constraints.

    • Impact: The index of the fromToken in the Curve pool.

  • j

    • Constraints: No constraints.

    • Impact: The index of the toToken in the Curve pool.

  • fromAmount

    • Constraints: No constraints.

    • Impact: The amount of fromToken to swap.

  • toAmountMin

    • Constraints: No constraints.

    • Impact: The minimum amount of toToken to receive from the swap.

Branches and code coverage (including function calls)

Intended branches

  • The swap on Curve succeeds with the given parameters.

Negative behaviour

  • The swap on Curve fails if output tokens are less than toAmountMin.

Function call analysis

  • ERC20(fromToken).safeApprove(pool, fromAmount)

    • What is controllable? fromToken, pool, and fromAmount.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails --- no reentrancy issues.

  • ERC20(toToken).balanceOf(address(this))

    • What is controllable? toToken.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails --- no reentrancy issues.

  • ICurvePair(pool).exchange(i, j, fromAmount, toAmountMin, false)

    • What is controllable? pool, i, j, fromAmount, and toAmountMin.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails --- no reentrancy issues.

Zellic © 2025Back to top ↑