Omniscia Boson Protocol Audit
OfferHandlerFacet Manual Review Findings
OfferHandlerFacet Manual Review Findings
OHF-01M: Inexistent Re-Entrancy Protection
| Type | Severity | Location |
|---|---|---|
| Language Specific |  | OfferHandlerFacet.sol:L107 |
Description:
The createOfferBatch function does not provide re-entrancy protection in contrast to the createOffer function.
Impact:
A re-entrancy during the creation of an offer can cause a corrupted order to be stored and potentially exploited via another, nonReentrant protected pathway of the Boson Protocol.
Example:
contracts/protocol/facets/OfferHandlerFacet.sol
55function createOffer(56 Offer memory _offer,57 OfferDates calldata _offerDates,58 OfferDurations calldata _offerDurations,59 uint256 _disputeResolverId,60 uint256 _agentId61) external override offersNotPaused nonReentrant {62 createOfferInternal(_offer, _offerDates, _offerDurations, _disputeResolverId, _agentId);63}64
65/**66 * @notice Creates a batch of offers.67 *68 * Emits an OfferCreated event for every offer if successful.69 *70 * Reverts if:71 * - The offers region of protocol is paused72 * - Number of offers exceeds maximum allowed number per batch73 * - Number of elements in offers, offerDates and offerDurations do not match74 * - for any offer:75 * - Caller is not an operator76 * - Valid from date is greater than valid until date77 * - Valid until date is not in the future78 * - Both voucher expiration date and voucher expiraton period are defined79 * - Neither of voucher expiration date and voucher expiraton period are defined80 * - Voucher redeemable period is fixed, but it ends before it starts81 * - Voucher redeemable period is fixed, but it ends before offer expires82 * - Fulfillment period is set to zero83 * - Resolution period is set to zero84 * - Voided is set to true85 * - Available quantity is set to zero86 * - Dispute resolver wallet is not registered, except for absolute zero offers with unspecified dispute resolver with unspecified dispute resolver87 * - Dispute resolver is not active, except for absolute zero offers with unspecified dispute resolver88 * - Seller is not on dispute resolver's seller allow list89 * - Dispute resolver does not accept fees in the exchange token90 * - Buyer cancel penalty is greater than price91 * - When agent ids are non zero:92 * - If Agent does not exist93 * - If the sum of Agent fee amount and protocol fee amount is greater than the offer fee limit94 *95 * @param _offers - the array of fully populated Offer structs with offer id set to 0x0 and voided set to false96 * @param _offerDates - the array of fully populated offer dates structs97 * @param _offerDurations - the array of fully populated offer durations structs98 * @param _disputeResolverIds - the array of ids of chosen dispute resolvers (can be 0)99 * @param _agentIds - the array of ids of agents100 */101function createOfferBatch(102 Offer[] calldata _offers,103 OfferDates[] calldata _offerDates,104 OfferDurations[] calldata _offerDurations,105 uint256[] calldata _disputeResolverIds,106 uint256[] calldata _agentIds107) external override offersNotPaused {Recommendation:
We advise the nonReentrant modifier to properly be applied to the function as it interacts with unknown tokens which may cause the offer creation workflow to be hijacked mid-creation.
Alleviation (44009967e4f68092941d841e9e0f5dd2bb31bf0b):
The nonReentrant modifier has been properly introduced to the createOfferBatch function as advised.