Omniscia Boson Protocol Audit
MetaTransactionsHandlerFacet Code Style Findings
MetaTransactionsHandlerFacet Code Style Findings
MTH-01C: BPIP-12 Function Signature Mismatch
| Type | Severity | Location |
|---|---|---|
| Standard Conformity | ![]() | MetaTransactionsHandlerFacet.sol:L329-L336 |
Description:
The BPIP-12 document specifies that the expected meta-transaction function signature for operations involving token transfer authorizations is executeMetaTransactionWithTokenTransferAuthorization(address, bytes, bytes32, bytes32, bytes32, uint8, bytes[]) yet the codebase uses a different, more efficient function signature.
Example:
contracts/protocol/facets/MetaTransactionsHandlerFacet.sol
329function executeMetaTransactionWithTokenTransferAuthorization(330 address _userAddress,331 string calldata _functionName,332 bytes calldata _functionSignature,333 uint256 _nonce,334 bytes calldata _signature,335 bytes calldata _tokenTransferAuthorization336) external payable override metaTransactionsNotPaused returns (bytes memory) {337 TokenTransferAuthorizationLib.loadQueue(_tokenTransferAuthorization);338 bytes memory result = _executeMetaTx(_userAddress, _functionName, _functionSignature, _nonce, _signature);339 // Always clear the queue on the success path so leftover entries (e.g.340 // when the inner call consumed fewer entries than the queue carried)341 // don't leak into a later protocol call in the same transaction. On342 // revert, EIP-1153 already rolls transient writes back, so no clear343 // is needed there.344 TokenTransferAuthorizationLib.clearQueue();345 return result;346}Recommendation:
We advise the updated function signature to be reflected in the BPIP-12 document.
Alleviation (8fccc2716047809e4bc7786c95d346e5c61b2896):
The BPIP-12 definition has been updated to match the function signature highlighted which has also been updated, addressing this exhibit.
