Assessment reportsPublic findings
Back to Zellic siteBack
Assessment reports>Y2K Finance>Threat Model>_swapUniswapV3
GeneralOverview
Findings
Critical (1)
High (3)
Medium (4)
Low (5)
Informational (1)
DiscussionVariable naming suggestionDocumentation contains additional parameterThe function `_swapUniswapV2` can be rewrittenLayerZero configurationUse Non-blocking pattern instead of blocking pattern in lzReceiveUse reentrancy guards in deposit and withdraw functions
Threat ModelWhat are threat models?ERC4626.solHookAave.solHookAaveFixYield.solQueueContract.solStrategyVault.solSwapRouter.solbridgeController.solcurve.solswapController.soluniswapV2.sol
uniswapV3.sol_executeSwap_swapUniswapV3uniswapV3SwapCallback
vaultController.solzapDest.solzapFrom.sol
Audit ResultsSummary

Function: _swapUniswapV3(uint256 fromAmount, byte[] payload)

This decodes the payload and conducts the swaps.

Inputs

  • fromAmount

    • Constraints: No constraints.

    • Impact: The amount of the fromToken being swapped.

  • payload

    • Constraints: No constraints.

    • Impact: The encoded payload for the swap.

Branches and code coverage (including function calls)

Intended branches

  • The function handles swaps for multitoken paths correctly.

Negative behavior

  • The function reverts if the resulting amountOut is less than toAmountMin.

Function call analysis

  • _executeSwap(path[0], path[1], fromAmount, fee[0])

    • What is controllable? path[0], path[1], fromAmount, fee[0].

    • If return value controllable, how is it used and how can it go wrong? The return value is used as the input for the next swap.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails --- no reentrancy issues.

  • _executeSwap(path[i], path[i + 1], amountOut, fee[i])

    • What is controllable? path[i], path[i + 1], amountOut and fee[i].

    • If return value controllable, how is it used and how can it go wrong? The return value is used as the input for the next swap.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails --- no reentrancy issues.

  • _executeSwap(path[path.length - 2], path[path.length - 1], amountOut, fee[path.length - 2])

    • What is controllable? path[path.length - 2], path[path.length - 1], amountOut, fee[path.length - 2].

    • If return value controllable, how is it used and how can it go wrong? The return value is the final amountOut.

    • What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire call fails --- no reentrancy issues.

Zellic © 2025Back to top ↑