Omniscia 0xPhase Audit

ERC20PermitUpgradeable Manual Review Findings

ERC20PermitUpgradeable Manual Review Findings

ERP-01M: Significant Deviation of Standard

TypeSeverityLocation
Standard ConformityERC20PermitUpgradeable.sol:L38-L44

Description:

The ERC20PermitUpgradeable::permit function contains a discrepant interface as it defines a bytes memory parameter instead of the v, r, and s values in sequence causing it to be incompatible with IERC20Permit-compatible systems.

Impact:

As the ERC20PermitUpgradeable implementation of 0xPhase contains a customized permit function implementation, the code will fail to properly integrate with other DeFi modules that support the permit paradigm, hindering the project's adoption greatly.

Example:

lib/token/ERC20/ERC20PermitUpgradeable.sol
35/**
36 * @dev See {IERC20Permit-permit}.
37 */
38function permit(
39  address owner,
40  address spender,
41  uint256 value,
42  uint256 deadline,
43  bytes memory sig
44) public virtual override {

Recommendation:

We advise the standardized v, r, and s variables to be set in the function and the bytes memory sig payload to be constructed if necessary for the SignatureChecker::isValidSignatureNow function.

Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):

The 0xPhase team opted to support both the standardized ERC20PermitUpgradeable::permit function as well as a new ERC20PermitUpgradeable::permit2 implementation that utilizes a bytes calldata argument to represent the signature, alleviating this exhibit while maximizing the compatibility of the contract.

Prev

DiamondLib.sol (DLI-M)

Next

ERC20VotesUpgradeable.sol (ERV-M)

On this page