Assessment reportsPublic findings
Back to Zellic site
Assessment reports>Bond Protocol>Threat Models>_burnToken
GeneralOverview
Findings
Medium (2)
Low (1)
Informational (3)
DiscussionRedundant safeTransfer callAssure token is activeRemove unchecked blockDouble-counted auctioneer
Threat ModelsWhat are threat models?BondAggregator.solBondBaseCallback.solBondBaseSDA.solBondBaseTeller.solBondFixedExpirySDA.solBondFixedExpiryTeller.solBondFixedTermSDA.sol
BondFixedTermTeller.sol_handlePayoutcreateredeembatchRedeemmintToken_burnTokengetTokenId
Audit ResultsResults

Function _burnToken(address from,uint256 tokenId_,uint256 amount_) internal

INTERNAL FUNCTION

  1. Intended behavior.

    • The internal function, which allows burning amount_ of Bond tokenId_ tokens from from address and decreases supply value for this tokenId_.

  2. Negative behavior.

    • users should not have unrestricted access to this function. The caller function should control from parameter, not allowing users to burn other user's tokens.

    • shouldn’t allow burning tokens if the user does not have enough tokens, partial burn should be impossible. should reject in this case

  3. Preconditions.

    • user fromshould have ≥ amount of tokenId_ tokens.

    • the caller function should not allow to user pass any from address.

  4. Postconditions.

    • the supply pf the bondToken should decrease by amount

    • the balance of the user in terms of bondTokens should decrease by amount.

  5. Inputs.

  6. Examine all function calls the function makes.

    a. Call to burn(from, tokenId_, amount_)

    • What is controllable? (callee, params, return value): the calling function should not allow the user to control the from value

    • If return value controllable, how is it used and how can it go wrong? there is no return value

    • What happens if it reverts or tries to reenter? N/A

Zellic © 2025Back to top ↑