
Function: _claimRefund(address sender, address token)

This claims a refund for the original sender and token.

Inputs

  • sender

    • Constraints: No constraints.

    • Impact: The address of the original sender.

  • token

    • Constraints: No constraints.

    • Impact: The address of the token to refund.

Branches and code coverage (including function calls)

Intended branches

  • The function checks whether the sender is eligible for a refund and determines the amount to be refunded.

  • The function transfers the refunded amount to the sender either in ETH or the specified token.

  • The function emits a RefundClaimed event.

Negative behavior

  • The function reverts if the sender is not eligible for a refund (i.e., the mapping is zero).

  • The function reverts if the ETH transfer fails.

Function call analysis

  • payable(sender).call{value: amount}("")

    • What is controllable? sender.

    • If return value controllable, how is it used and how can it go wrong? The return value indicates the success of the call, and the data provides more details in case of failure.

    • What happens if it reverts, reenters, or does other unusual control flow? If the call fails, it will revert and the transaction will be rolled back. The checks-effects-interactions pattern is followed.
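
The following is an added sketch, not the audited contract's code, of the checks-effects-interactions ordering described above for this function. The refunds mapping, the error names, the event parameters, and the use of address(0) to mean ETH are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only; not the audited Y2K Finance contract.
// Assumptions: the refunds mapping layout, the error names, the event
// signature, and address(0) standing for native ETH are all hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

contract RefundSketch {
    // sender => token => amount owed (assumed storage layout)
    mapping(address => mapping(address => uint256)) public refunds;

    event RefundClaimed(address indexed sender, address indexed token, uint256 amount);

    error NoRefundOwed();
    error EthTransferFailed(bytes returnData);
    error TokenTransferFailed();

    function _claimRefund(address sender, address token) internal {
        // Check: a zero mapping entry means nothing is owed.
        uint256 amount = refunds[sender][token];
        if (amount == 0) revert NoRefundOwed();

        // Effect: clear the entry before any external call, so a
        // reentrant call into this function reads zero and reverts.
        delete refunds[sender][token];

        // Interaction: control passes to `sender` (ETH) or `token`.
        if (token == address(0)) {
            (bool success, bytes memory data) = payable(sender).call{value: amount}("");
            // A failed call reverts the whole transaction, which also
            // restores the mapping entry cleared above.
            if (!success) revert EthTransferFailed(data);
        } else {
            // Some tokens return no value; production code commonly uses a
            // safe-transfer wrapper instead of this bare check.
            if (!IERC20(token).transfer(sender, amount)) revert TokenTransferFailed();
        }

        emit RefundClaimed(sender, token, amount);
    }
}
```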

Zellic © 2025