Omniscia Boson Protocol Audit

DisputeBase Manual Review Findings

DisputeBase Manual Review Findings

DBE-01M: Potentially Misleading Validation Comments

TypeSeverityLocation
Code StyleDisputeBase.sol:L21

Description:

The linked comment states that the raiseDisputeInternal function validates the state of the exchange is in a redeemed state, however, this type of validation is performed either directly or indirectly wherever the function is invoked.

Example:

contracts/protocol/bases/DisputeBase.sol
15/**
16 * @dev Raise a dispute
17 *
18 * Reverts if:
19 * - caller does not hold a voucher for the given exchange id
20 * - exchange does not exist
21 * - exchange is not in a redeemed state
22 * - fulfillment period has elapsed already
23 *
24 * @param _exchange - the exchange
25 * @param _voucher - the associated voucher
26 * @param _sellerId - the seller id
27 */
28function raiseDisputeInternal(
29    Exchange storage _exchange,
30    Voucher storage _voucher,
31    uint256 _sellerId
32) internal {
33    // Make sure the fulfillment period has elapsed
34    uint256 elapsed = block.timestamp - _voucher.redeemedDate;
35    require(elapsed < fetchOfferDurations(_exchange.offerId).fulfillmentPeriod, FULFILLMENT_PERIOD_HAS_ELAPSED);
36

37    // Make sure the caller is buyer associated with the exchange
38    checkBuyer(_exchange.buyerId);
39

40    // Set the exchange state to disputed
41    _exchange.state = ExchangeState.Disputed;
42

43    // Fetch the dispute and dispute dates
44    (, Dispute storage dispute, DisputeDates storage disputeDates) = fetchDispute(_exchange.id);
45

46    // Set the initial values
47    dispute.exchangeId = _exchange.id;
48    dispute.state = DisputeState.Resolving;
49

50    // Update the disputeDates
51    disputeDates.disputed = block.timestamp;
52    disputeDates.timeout = block.timestamp + fetchOfferDurations(_exchange.offerId).resolutionPeriod;
53

54    // Notify watchers of state change
55    emit DisputeRaised(_exchange.id, _exchange.buyerId, _sellerId, msgSender());
56}

Recommendation:

We advise either the validation to be relocated to the function or the comment to be omitted as the validation statement is incorrect.

Alleviation (f62f5f26c278f8bbe55600c7bb344d5941da8787):

The incorrect comment was omitted in the latest iteration of the report as advised.

Prev

ConfigHandlerFacet.sol (CHF-M)

Next

EIP712Lib.sol (EIP-M)

On this page