Omniscia AllianceBlock Audit

MPProviderFacet Manual Review Findings

MPP-01M: Inexistent Direct Invocation Protection

Description:

The referenced function is meant to act as a form of state initialization, yet it does not impose any access control on direct invocations of the logic contract's implementation.

Impact:

While inconsequential in this instance, it is always best practice to not allow the logic contract implementation to be tampered with.

Example:

contracts/facets/MPProviderFacet.sol
/**
 * @notice sets the state for the MPProviderFacet
 * @dev This method is never attached on the diamond
 */
function state(bytes memory data_) external {}

Recommendation:

We advise making the function accessible solely via delegatecall instructions. This can be achieved by storing the address(this) evaluation in an immutable contract variable (self) and ensuring that address(this) != self whenever the MPProviderFacet::state function is invoked, which guarantees that the function cannot be called directly on the logic contract.
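
The guard described in this recommendation, written out as an added example (not code from the audit or from the AllianceBlock codebase). The contract, modifier, error and stand-in diamond names are hypothetical; only the state(bytes) signature comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added illustration; all names except state(bytes) are hypothetical.
contract DelegateOnlyFacetExample {
    // Immutables live in the deployed bytecode, not in storage, so this
    // still holds the logic contract's own address when the code executes
    // in another contract's context via delegatecall.
    address private immutable self;

    error DirectCallForbidden();

    constructor() {
        self = address(this);
    }

    modifier onlyDelegateCall() {
        // Direct call:  address(this) is the logic contract, equal to self.
        // delegatecall: address(this) is the calling contract, not self.
        if (address(this) == self) revert DirectCallForbidden();
        _;
    }

    // Same signature as in the finding; the body is left empty as it is there.
    function state(bytes memory data_) external onlyDelegateCall {}
}

// Stand-in for the diamond, used only to exercise both call paths.
contract DiamondStandIn {
    // Succeeds: the guard sees address(this) == DiamondStandIn.
    function viaDelegatecall(address facet, bytes memory data_) external returns (bool ok) {
        (ok, ) = facet.delegatecall(
            abi.encodeWithSelector(DelegateOnlyFacetExample.state.selector, data_)
        );
    }

    // Fails: the guard sees address(this) == facet == self and reverts.
    function viaCall(address facet, bytes memory data_) external returns (bool ok) {
        (ok, ) = facet.call(
            abi.encodeWithSelector(DelegateOnlyFacetExample.state.selector, data_)
        );
    }
}
```

Deploying both contracts and passing the facet address to DiamondStandIn returns true from viaDelegatecall and false from viaCall.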

Alleviation (54fd570de24631ca65a7cea022aebe43225a08c7):

The MPProviderFacet::state function has been removed altogether, alleviating this exhibit as a side-effect.