Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Y2K Finance>Threat Model>swapAndBridge
GeneralOverview
Findings
Critical (1)
High (3)
Medium (5)
Low (4)
Informational (1)
DiscussionVariable naming suggestionDocumentation contains additional parameterThe function `_swapUniswapV2` can be rewrittenLayerZero configurationUse Non-blocking pattern instead of blocking pattern in lzReceiveUse reentrancy guards in deposit and withdraw functions
Threat ModelWhat are threat models?ERC4626.solHookAave.solHookAaveFixYield.solQueueContract.solStrategyVault.solSwapRouter.solbridgeController.solcurve.solswapController.soluniswapV2.soluniswapV3.solvaultController.solzapDest.sol
zapFrom.solbridgepermitSwapAndBridgeswapAndBridgewithdraw
Audit ResultsSummary

Function: swapAndBridge(uint256 amountIn, address fromToken, address receivedToken, uint16 srcPoolId, uint16 dstPoolId, byte[1] dexId, byte[] swapPayload, byte[] bridgePayload)

The same function as permitSwapAndBridge but transfers fromToken with approve from msg.sender instead of permit.

Zellic © 2025Back to top ↑