Omniscia 0xPhase Audit
ERC20VotesUpgradeable Manual Review Findings
ERV-01M: Significant Deviation of Standard
Type | Severity | Location |
---|---|---|
Standard Conformity | | ERC20VotesUpgradeable.sol:L39-L45 |
Description:
The ERC20VotesUpgradeable::delegateBySig function exposes a discrepant interface: it defines a bytes memory parameter instead of the v, r, and s values in sequence, which makes it incompatible with IERC20Votes-compatible systems.
Impact:
As the ERC20VotesUpgradeable implementation of 0xPhase contains a customized delegateBySig function, the code will fail to integrate properly with other DeFi modules that support the permit paradigm, greatly hindering the project's adoption.
Example:
```solidity
function delegateBySig(
    address delegator,
    address delegatee,
    uint256 nonce,
    uint256 expiry,
    bytes memory sig
) public virtual override {
```
Recommendation:
We advise that the standardized v, r, and s variables be set in the function and that the bytes memory sig payload be constructed if necessary for the SignatureChecker::isValidSignatureNow function.
Alleviation (3dd3d7bf0c2693b2f9c23bacedfa420393f7ea84):
The 0xPhase team opted to support both the standardized ERC20VotesUpgradeable::delegateBySig function as well as a new ERC20VotesUpgradeable::delegateBySig2 implementation that utilizes a bytes calldata argument to represent the signature, alleviating this exhibit while maximizing the compatibility of the contract.
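The following sketch is an added example, not 0xPhase's code. It shows one way the recommendation and the alleviation can coexist: a standard v, r, s entry point that packs the signature into the bytes form consumed by SignatureChecker::isValidSignatureNow, next to a bytes-based delegateBySig2. The contract name, the `_delegationDigest`, `_useNonce`, `_delegate` and `_delegateChecked` helpers, and the OpenZeppelin Contracts 4.x import paths are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not 0xPhase code. Assumes OpenZeppelin Contracts 4.x import paths.
import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {SignatureChecker} from "@openzeppelin/contracts/utils/cryptography/SignatureChecker.sol";

abstract contract DelegateBySigSketch {
    // Hypothetical hooks standing in for the token's own EIP-712 hashing,
    // nonce bookkeeping and delegation logic.
    function _delegationDigest(address delegatee, uint256 nonce, uint256 expiry)
        internal view virtual returns (bytes32);
    function _useNonce(address owner) internal virtual returns (uint256);
    function _delegate(address delegator, address delegatee) internal virtual;

    // Standard entry point: the signer is not an argument, it is recovered from (v, r, s).
    function delegateBySig(
        address delegatee, uint256 nonce, uint256 expiry,
        uint8 v, bytes32 r, bytes32 s
    ) public virtual {
        bytes32 digest = _delegationDigest(delegatee, nonce, expiry);
        address delegator = ECDSA.recover(digest, v, r, s); // reverts if the signature is invalid
        // 65-byte r || s || v payload; the shared path re-validates it (one extra ecrecover).
        _delegateChecked(delegator, delegatee, nonce, expiry, digest, abi.encodePacked(r, s, v));
    }

    // Bytes-based entry point: the signer is passed explicitly and checked against the signature.
    function delegateBySig2(
        address delegator, address delegatee, uint256 nonce, uint256 expiry,
        bytes calldata sig
    ) public virtual {
        bytes32 digest = _delegationDigest(delegatee, nonce, expiry);
        _delegateChecked(delegator, delegatee, nonce, expiry, digest, sig);
    }

    // Single validation routine shared by both entry points.
    function _delegateChecked(
        address delegator, address delegatee, uint256 nonce, uint256 expiry,
        bytes32 digest, bytes memory sig
    ) private {
        require(block.timestamp <= expiry, "signature expired");
        require(SignatureChecker.isValidSignatureNow(delegator, digest, sig), "invalid signature");
        require(nonce == _useNonce(delegator), "invalid nonce");
        _delegate(delegator, delegatee);
    }
}
```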