Omniscia Boson Protocol Audit

ClientLib Manual Review Findings

CLB-01M: Potentially Discrepant Access Control

| Type | Severity | Location |
| --- | --- | --- |
| Standard Conformity | | ClientLib.sol:L52-L55 |

Description:

The ClientLib implementation is aware of both the accessController address and the protocolDiamond address. However, when applying access control, it queries the locally held accessController instead of the access control implementation of the protocolDiamond, and the two may differ.

Example:

contracts/protocol/libs/ClientLib.sol

struct ProxyStorage {
    // The AccessController address
    IAccessControlUpgradeable accessController;
    // The ProtocolDiamond address
    address protocolDiamond;
    // The client implementation address
    address implementation;
}

Recommendation:

We advise that either the access control of the protocolDiamond be queried or, should a dedicated accessController be required for the ProxyStorage, that the code be adequately documented as such.

Alleviation (44009967e4f68092941d841e9e0f5dd2bb31bf0b):

The accessController entry was omitted from the ProxyStorage and now the address is properly looked up via the getAccessControllerAddress getter function exposed by the ps.protocolDiamond.
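
The pattern behind this finding and its alleviation, as an added sketch that is not the Boson Protocol code: a client that checks roles against a locally stored controller, beside one that resolves the controller through the diamond on every check. Only getAccessControllerAddress and hasRole are real names (from the finding and OpenZeppelin's access control interface); the interface names, contract names, constructors and revert string are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Hypothetical minimal interfaces, reduced to the two calls the finding involves.
interface IAccessControl {
    function hasRole(bytes32 role, address account) external view returns (bool);
}

interface IProtocolDiamond {
    function getAccessControllerAddress() external view returns (address);
}

// Before: the client keeps its own copy of the controller address. If the
// diamond is later pointed at a different controller, this copy is stale and
// role checks are answered by an authority the protocol no longer uses.
contract ClientWithCachedController {
    IAccessControl internal accessController; // set once, never refreshed
    address internal protocolDiamond;

    constructor(address _accessController, address _protocolDiamond) {
        accessController = IAccessControl(_accessController);
        protocolDiamond = _protocolDiamond;
    }

    modifier onlyRole(bytes32 role) {
        require(accessController.hasRole(role, msg.sender), "Access denied");
        _;
    }
}

// After: only the diamond address is stored and the controller is resolved on
// every check, so the diamond is the single source of truth for roles.
contract ClientWithDiamondLookup {
    address internal protocolDiamond;

    constructor(address _protocolDiamond) {
        protocolDiamond = _protocolDiamond;
    }

    modifier onlyRole(bytes32 role) {
        address controller = IProtocolDiamond(protocolDiamond).getAccessControllerAddress();
        require(IAccessControl(controller).hasRole(role, msg.sender), "Access denied");
        _;
    }
}
```

The lookup variant costs one additional external call per role check in exchange for removing the second copy of the controller address.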