Omniscia Boson Protocol Audit

ExchangeCommitFacet Code Style Findings

ECF-01C: Redundant Conditional Validation

Type	Severity	Location
Gas Optimization		ExchangeCommitFacet.sol:L374

Description:

The referenced conditional will redundantly evaluate whether the OfferCreator enum of the Offer structure is a Buyer even though the enum supports two states and one of the two has already been excluded.

Example:

contracts/protocol/facets/ExchangeCommitFacet.sol

368if (_fullOffer.offer.creator == OfferCreator.Seller) {
369    // Validate caller is seller assistant
370    (, uint256 sellerId) = getSellerIdByAssistant(_offerCreator);
371    if (sellerId != _fullOffer.offer.sellerId) {
372        revert NotAssistant();
373    }
374} else if (_fullOffer.offer.creator == OfferCreator.Buyer) {
375    uint256 buyerId = getValidBuyer(payable(_offerCreator));
376    if (buyerId != _fullOffer.offer.buyerId) {
377        revert NotBuyerWallet();
378    }
379}

Recommendation:

We advise the referenced conditional to be set to an else clause, optimizing its gas cost.

Alleviation (efd5d1a8f23c3bca7c25273ea4c912a367250119):

The Boson Protocol team evaluated this exhibit and opted to retain the code as is as they consider it to be more legible and future-proof.

ECF-02C: Redundant Validation of Seller Parameters

Type	Severity	Location
Gas Optimization		ExchangeCommitFacet.sol:L260-L266

Description:

The ExchangeCommitFacet::createOfferAndCommit function will validate the BosonTypes.SellerOfferParams if the offer creator is the Seller to ensure they remain unspecified, however, they will not be utilized in such a case.

Example:

contracts/protocol/facets/ExchangeCommitFacet.sol

260if (
261    _fullOffer.offer.creator == BosonTypes.OfferCreator.Seller &&
262    (_sellerParams.collectionIndex != 0 ||
263        _sellerParams.royaltyInfo.recipients.length != 0 ||
264        _sellerParams.royaltyInfo.bps.length != 0 ||
265        _sellerParams.mutualizerAddress != address(0))
266) revert SellerParametersNotAllowed();
267
268// verify signature and potential cancellation
269(bytes32 offerHash, uint256 offerId) = verifyOffer(_fullOffer, _offerCreator, _signature);
270
271// create an offer
272if (offerId == 0) {
273    offerId = createOfferInternal(
274        _fullOffer.offer,
275        _fullOffer.offerDates,
276        _fullOffer.offerDurations,
277        _fullOffer.drParameters,
278        _fullOffer.agentId,
279        _fullOffer.feeLimit,
280        false
281    );
282    protocolLookups().offerIdByHash[offerHash] = offerId;
283
284    if (_fullOffer.condition.method != BosonTypes.EvaluationMethod.None) {
285        // Construct new group
286        // - group id is 0, and it is ignored
287        Group memory group;
288        group.sellerId = _fullOffer.offer.sellerId;
289        group.offerIds = new uint256[](1);
290        group.offerIds[0] = offerId;
291
292        // Create group and update structs values to represent true state
293        createGroupInternal(group, _fullOffer.condition, false);
294    }
295}
296
297// Deposit other committer's funds if needed
298if (!_fullOffer.useDepositedFunds) {
299    uint256 offerCreatorId;
300    uint256 offerCreatorAmount;
301    if (_fullOffer.offer.creator == BosonTypes.OfferCreator.Buyer) {
302        // Buyer-created offer: committer is the seller
303        offerCreatorId = _fullOffer.offer.buyerId;
304        offerCreatorAmount = _fullOffer.offer.price;
305    } else {
306        // Seller-created offer: committer is the buyer
307        offerCreatorId = _fullOffer.offer.sellerId;
308        offerCreatorAmount = _fullOffer.offer.sellerDeposit;
309    }
310
311    if (offerCreatorAmount > 0) {
312        transferFundsIn(_fullOffer.offer.exchangeToken, _offerCreator, offerCreatorAmount);
313        increaseAvailableFunds(offerCreatorId, _fullOffer.offer.exchangeToken, offerCreatorAmount);
314        emit IBosonFundsEvents.FundsDeposited(
315            offerCreatorId,
316            _offerCreator,
317            _fullOffer.offer.exchangeToken,
318            offerCreatorAmount
319        );
320    }
321}
322
323if (_fullOffer.condition.method != BosonTypes.EvaluationMethod.None) {
324    if (_fullOffer.offer.creator == BosonTypes.OfferCreator.Buyer) {
325        addSellerParametersToBuyerOffer(_committer, offerId, _sellerParams);
326    }
327
328    commitToConditionalOffer(_committer, offerId, _conditionalTokenId);
329} else {
330    if (_fullOffer.offer.creator == BosonTypes.OfferCreator.Buyer) {
331        commitToBuyerOffer(offerId, _sellerParams);
332    } else {
333        commitToOffer(_committer, offerId);
334    }
335}

Recommendation:

We advise this validation to be omitted as it restricts the function's input arguments redundantly.

Alleviation (efd5d1a8f23c3bca7c25273ea4c912a367250119):

The Boson Protocol team evaluated this exhibit and clarified that they wish to validate the presence of default values so as to avoid a buyer assuming their configured values have taken effect.

As such, we consider this exhibit to be nullified given that the original behaviour is explicitly desirable.

Omniscia Boson Protocol Audit

ExchangeCommitFacet Code Style Findings

ExchangeCommitFacet Code Style Findings

ECF-01C: Redundant Conditional Validation

Description:

Example:

Recommendation:

Alleviation (efd5d1a8f23c3bca7c25273ea4c912a367250119):

ECF-02C: Redundant Validation of Seller Parameters

Description:

Example:

Recommendation:

Alleviation (efd5d1a8f23c3bca7c25273ea4c912a367250119):

DRFeeMutualizer.sol (DRF-C)

FundsBase.sol (FBE-C)

On this page