Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Y2K Finance>Threat Model>clearQueuedDeposits
GeneralOverview
Findings
Critical (1)
High (3)
Medium (4)
Low (5)
Informational (1)
DiscussionVariable naming suggestionDocumentation contains additional parameterThe function `_swapUniswapV2` can be rewrittenLayerZero configurationUse Non-blocking pattern instead of blocking pattern in lzReceiveUse reentrancy guards in deposit and withdraw functions
Threat ModelWhat are threat models?ERC4626.solHookAave.solHookAaveFixYield.solQueueContract.sol
StrategyVault.solclaimEmissionsclearQueuedDepositsclosePositiondeployPositiondepositrequestWithdrawalsetWeightStrategyunrequestWithdrawalupdateActiveListwithdrawwithdrawFromQueue
SwapRouter.solbridgeController.solcurve.solswapController.soluniswapV2.soluniswapV3.solvaultController.solzapDest.solzapFrom.sol
Audit ResultsSummary

Function: clearQueuedDeposits(uint256 queueSize)

The function allows the contract owner to clear the fixed amount of deposits in the end of queue. Also it mints the appropriate amount of shares for receivers from queue and transfer deposited tokens from QueueContract to this contract.

Inputs

  • queueSize

    • Constraints: No checks.

    • Impact: The amount of elements of queueDeposits will be deleted.

Branches and code coverage (including function calls)

Intended branches

  • The queueSize is equal to queueDeposits.length.

  • queueSize is less than queueDeposits.length.

Negative behavior

  • queueSize is more than queueDeposits.length.

  • queueSize is zero.

Function call analysis

  • _updateUserEmissions(qDeposit.receiver, shares, true)

    • What is controllable? The qDeposit.receiver value from queueDeposits --- shares is calculated here.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? There is no problem.

  • _mint(qDeposit.receiver, shares);

    • What is controllable? The qDeposit.receiver value from queueDeposits --- shares is calculated here.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? There is no problem.

  • queueContract.transferToStrategy();

    • What is controllable? N/A.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? The function transfers full queue balance to the strategy, but it should only transfer the pulledAmount.

  • asset.safeApprove(address(hook.addr), pulledAmount);

    • What is controllable? The pulledAmount value is calculated here --- the full amount of assets tokens cleared from queue. The hook.addr is set by the owner of the contract.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? There is no problem. The function is called if hook.command.shouldCallAfterDeposit() == true.

  • hook.addr.afterDeposit(pulledAmount);

    • What is controllable? The pulledAmount value is calculated here --- the full amount of assets tokens cleared from queue.

    • If return value controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters, or does other unusual control flow? hook.command.shouldCallAfterDeposit() == true.

Zellic © 2025Back to top ↑