Omniscia Alliance Block Audit

GovernanceFacet Manual Review Findings

GFT-01M: Inexistent Prevention of Re-Invocation

Description:

The linked function is meant to be invoked as an initializer through the diamond cut pattern; however, it contains no access control.

Example:

contracts/facets/GovernanceFacet.sol
/**
 * @notice initializes the state for the Governance facet
 * @param data_ abi encoded data - the list of governance members.
 */
function init(bytes memory data_) external override {
    (address[] memory members) = abi.decode(data_, (address[]));
    require(members.length > 0, "Governance: member list empty");
    for (uint256 i = 0; i < members.length; i++) {
        LibGovernance.updateMember(members[i], true);
        emit MemberUpdated(members[i], true);
    }
}

Recommendation:

Even though it may not be directly exposed by the diamond instance, it is still good practice to explicitly prevent initialization functions from being re-invoked. We advise doing so by ensuring that memberCount is zero when init is invoked.
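The recommended guard, shown as an added example that is not the Alliance Block code or part of the original audit. LibGovernanceExample, GovernanceFacetExample, the storage slot string, the storage layout and the "already initialized" revert message are assumptions made for illustration; only the init body and the memberCount check follow the text above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration: names and storage layout are hypothetical, not the audited code.
library LibGovernanceExample {
    // Hypothetical diamond-storage slot for this example.
    bytes32 constant STORAGE_POSITION = keccak256("example.governance.storage");

    struct Storage {
        mapping(address => bool) isMember;
        uint256 memberCount;
    }

    function governanceStorage() internal pure returns (Storage storage gs) {
        bytes32 position = STORAGE_POSITION;
        assembly {
            gs.slot := position
        }
    }

    function memberCount() internal view returns (uint256) {
        return governanceStorage().memberCount;
    }

    function updateMember(address account, bool status) internal {
        Storage storage gs = governanceStorage();
        // Ignore no-op updates so memberCount always matches the member set.
        if (gs.isMember[account] == status) return;
        gs.isMember[account] = status;
        if (status) {
            gs.memberCount++;
        } else {
            gs.memberCount--;
        }
    }
}

contract GovernanceFacetExample {
    event MemberUpdated(address member, bool status);

    function init(bytes memory data_) external {
        // Guard: a non-empty member set means init has already populated state.
        require(LibGovernanceExample.memberCount() == 0, "Governance: already initialized");
        address[] memory members = abi.decode(data_, (address[]));
        require(members.length > 0, "Governance: member list empty");
        for (uint256 i = 0; i < members.length; i++) {
            LibGovernanceExample.updateMember(members[i], true);
            emit MemberUpdated(members[i], true);
        }
    }
}
```

In this example the guard only holds while at least one member remains: if every member is later removed, memberCount returns to zero and init becomes callable again.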

Alleviation:

The Alliance Block team renamed the function from init to state, illustrating that the functions could potentially be re-invoked in the future as part of a state reset. As a result, we consider this exhibit adequately dealt with.