Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Y2K Finance>Threat Model>_claimRefund
GeneralOverview
Findings
Critical (1)
High (3)
Medium (5)
Low (4)
Informational (1)
DiscussionVariable naming suggestionDocumentation contains additional parameterThe function `_swapUniswapV2` can be rewrittenLayerZero configurationUse Non-blocking pattern instead of blocking pattern in lzReceiveUse reentrancy guards in deposit and withdraw functions
Threat ModelWhat are threat models?ERC4626.solHookAave.solHookAaveFixYield.solQueueContract.solStrategyVault.solSwapRouter.solbridgeController.solcurve.solswapController.soluniswapV2.soluniswapV3.sol
vaultController.sol_claimRefund_depositToVault_withdrawFromVault
zapDest.solzapFrom.sol
Audit ResultsSummary

Function: _claimRefund(address sender, address token)

This claims a refund for the original sender and token.

Inputs

  • sender

    • Constraints: No constraints.

    • Impact: The address of the original sender.

  • token

    • Constraints: No constraints.

    • Impact: The address of the token to refund.

Branches and code coverage (including function calls)

Intended branches

  • The function checks if the sender is eligible for a refund and the amount to be refunded.

  • The function transfers the refunded amount to the sender either in ETH or the specified token.

  • The function emits a RefundClaimed event.

Negative behavior

  • The function reverts if the sender is not eligible for a refund (i.e., the mapping is zero).

  • The function reverts if the ETH transfer fails.

Function call analysis

  • payable(sender).call{value: amount}("")

    • What is controllable? sender.

    • If return value controllable, how is it used and how can it go wrong? The return value indicates the success of the call, and the data provides more details in case of failure.

    • What happens if it reverts, reenters, or does other unusual control flow? If the call fails, it will revert and the transaction will be rolled back. The checks-effects-interactions pattern is followed.

Zellic © 2024Back to top ↑