
Function: _yeet(uint256[] tokenIds)

This function allows the caller to yeet the native token to participate in the game. It can be called with an empty tokenIds array or with a tokenIds array that is controlled by the caller. The tokenIds array contains the NFTs owned by the user, which allow them to get an additional boost for the provided native token amount.

Inputs

  • tokenIds

    • Control: Full control.

    • Constraints: User should be the owner of provided tokenIds.

    • Impact: The NFTs owned by the user determine the NFT boost that will be added to the provided native token amount.

Branches and code coverage

Intended branches

  • The updated publicGoodsAmount, treasuryRevenueAmount, potToYeetback, and potToWinner values correspond to the expected values.

  • The state of the rewardsContract is updated properly.

  • The expected amount of tokens is deposited to the stakingContract.

Negative behavior

  • The tokenIds contains duplicates.

  • The caller does not own the provided tokenIds.

Function call analysis

  • this._minimumYeetPoint(potToWinner)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? The function returns the minimum amount of tokens needed to yeet; this is the global MINIMUM_YEET_POINT if potToWinner is zero or if isBoostrapPhase returns true. Otherwise, it is potToWinner / POT_DIVISION. An issue can occur when the bootstrap phase is skipped and potToWinner is not zero but very small, such that the return value is less than MINIMUM_YEET_POINT. In that case, the user will be able to call the function while contributing only a small amount of funds.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.

  • this.getDistribution(msg.value)

    • What is controllable? msg.value.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? This function splits the provided funds into fractional parts according to the current settings; it returns the value to the pot, to the Yeetback, to the stakers, to public goods, and to the treasury. This function will revert if the sum of the parts is not equal to the original msg.value.

  • yeetback.addYeetsInRound(roundNumber, msg.sender)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? The roundNumber should not be zero.

  • getBoostedValue(msg.sender, valueToPot, tokenIds)

    • What is controllable? tokenIds.

    • If the return value is controllable, how is it used and how can it go wrong? If a user provides duplicate token IDs, each duplicate will be counted as a unique ID.

    • What happens if it reverts, reenters or does other unusual control flow? The function will revert if the caller does not own a token ID or if the token ID is isEligibleForBoost. If the yeetardsNFTsAddress address is zero, the token IDs will not be used at all.

  • rewardsContract.addYeetVolume(msg.sender, boostedValue)

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? No problems.

  • stakingContract.depositReward{value: valueToStakers}()

    • What is controllable? N/A.

    • If the return value is controllable, how is it used and how can it go wrong? N/A.

    • What happens if it reverts, reenters or does other unusual control flow? N/A.
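
The two findings above (a _minimumYeetPoint result that can fall below MINIMUM_YEET_POINT, and duplicate tokenIds counted as unique in getBoostedValue) can be guarded as in the following added sketch, which is not code from the audited contract or from the report. The constant values, the bool parameter standing in for the bootstrap-phase check, the floor mitigation, and the sorted-input convention are all assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not the audited Yeet contract. Names mirror the report;
/// constant values and the `bootstrap` flag are constructed for the example.
contract YeetInputChecksSketch {
    uint256 public constant MINIMUM_YEET_POINT = 0.001 ether; // constructed value
    uint256 public constant POT_DIVISION = 200;               // constructed value

    error DuplicateOrUnsortedTokenId(uint256 index);

    /// Behaviour as the report describes it: outside the bootstrap phase the
    /// result is potToWinner / POT_DIVISION, which can drop below the floor
    /// (and truncates to zero when potToWinner < POT_DIVISION).
    function minimumYeetPointAsDescribed(uint256 potToWinner, bool bootstrap)
        public
        pure
        returns (uint256)
    {
        if (potToWinner == 0 || bootstrap) return MINIMUM_YEET_POINT;
        return potToWinner / POT_DIVISION;
    }

    /// Assumed mitigation: clamp the scaled value so it is never below the floor.
    function minimumYeetPointFloored(uint256 potToWinner, bool bootstrap)
        public
        pure
        returns (uint256)
    {
        uint256 scaled = minimumYeetPointAsDescribed(potToWinner, bootstrap);
        return scaled < MINIMUM_YEET_POINT ? MINIMUM_YEET_POINT : scaled;
    }

    /// Rejects repeated IDs by requiring a strictly ascending array, so each
    /// NFT can contribute to the boost at most once per call. O(n), no storage.
    function requireUniqueSorted(uint256[] calldata tokenIds) public pure {
        for (uint256 i = 1; i < tokenIds.length; ++i) {
            if (tokenIds[i] <= tokenIds[i - 1]) {
                revert DuplicateOrUnsortedTokenId(i);
            }
        }
    }
}
```

With these constructed constants, a potToWinner of 1000 wei outside the bootstrap phase yields 5 wei from the described logic and 0.001 ether from the floored variant; requireUniqueSorted reverts on [7, 7] and on [9, 3] but accepts [3, 7, 9] and the empty array.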

Zellic © 2025