Omniscia Boson Protocol Audit
BosonConstants Manual Review Findings
BosonConstants Manual Review Findings
BCS-01M: Potentially Incorrect Type-Hash Definitions
| Type | Severity | Location |
|---|---|---|
| Standard Conformity |  | BosonConstants.sol:L177, L181, L187, L193 |
Description:
The referenced type-hash definitions appear to contain two different definitions in sequence thereby not conforming to the type-hash paradigm.
Example:
contracts/domain/BosonConstants.sol
176bytes32 constant META_TX_COMMIT_TO_OFFER_TYPEHASH = keccak256(177 "MetaTxCommitToOffer(uint256 nonce,address from,address contractAddress,string functionName,MetaTxOfferDetails offerDetails)MetaTxOfferDetails(address buyer,uint256 offerId)"178);179bytes32 constant EXCHANGE_DETAILS_TYPEHASH = keccak256("MetaTxExchangeDetails(uint256 exchangeId)");180bytes32 constant META_TX_EXCHANGE_TYPEHASH = keccak256(181 "MetaTxExchange(uint256 nonce,address from,address contractAddress,string functionName,MetaTxExchangeDetails exchangeDetails)MetaTxExchangeDetails(uint256 exchangeId)"182);183bytes32 constant FUND_DETAILS_TYPEHASH = keccak256(184 "MetaTxFundDetails(uint256 entityId,address[] tokenList,uint256[] tokenAmounts)"185);186bytes32 constant META_TX_FUNDS_TYPEHASH = keccak256(187 "MetaTxFund(uint256 nonce,address from,address contractAddress,string functionName,MetaTxFundDetails fundDetails)MetaTxFundDetails(uint256 entityId,address[] tokenList,uint256[] tokenAmounts)"188);189bytes32 constant DISPUTE_RESOLUTION_DETAILS_TYPEHASH = keccak256(190 "MetaTxDisputeResolutionDetails(uint256 exchangeId,uint256 buyerPercent,bytes32 sigR,bytes32 sigS,uint8 sigV)"191);192bytes32 constant META_TX_DISPUTE_RESOLUTIONS_TYPEHASH = keccak256(193 "MetaTxDisputeResolution(uint256 nonce,address from,address contractAddress,string functionName,MetaTxDisputeResolutionDetails disputeResolutionDetails)MetaTxDisputeResolutionDetails(uint256 exchangeId,uint256 buyerPercent,bytes32 sigR,bytes32 sigS,uint8 sigV)"194);Recommendation:
We advise them to be corrected as they may lead to unexpected signed payloads for integrators.
Alleviation (44009967e4f68092941d841e9e0f5dd2bb31bf0b):
After evaluation of supplemental material provided to us by the Boson Protocol team we evaluated that their definitions of the struct types conform to the EIP-712 standard and as such this exhibit can be considered nullified.