Assessment reports>Yeet>Threat Model>zapIn

Function: zapIn(address inputToken, SingleTokenSwap swapToToken0, SingleTokenSwap swapToToken1, KodiakVaultStakingParams stakingParams, VaultDepositParams vaultParams)

This zaps into the vault using a whitelisted token that swaps for token0 and token1.

Inputs

  • inputToken

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Whitelisted token that swaps for token0 and token1.

  • swapToToken0

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Information of swapping inputToken to token0.

  • swapToToken1

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Information of swapping inputToken to token1.

  • stakingParams

    • Control: Fully controlled by the caller.

    • Constraints: stakingParams.kodiakVault must be whitelist.

    • Impact: Information of staking in the vault.

  • vaultParams

    • Control: Fully controlled by the caller.

    • Constraints: N/A.

    • Impact: Information of depositing into the vault.

Branches and code coverage

Intended branches

  • Check if stakingParams.kodiakVault is added in the whitelist.

  • Receive amount that requires to swap inputToken.

Negative behavior

  • stakingParams.kodiakVault is not in the whitelist.

Zellic © 2025Back to top ↑