Omniscia Boson Protocol Audit

MetaTransactionsHandlerFacet Code Style Findings

MetaTransactionsHandlerFacet Code Style Findings

MTH-01C: BPIP-12 Function Signature Mismatch

Description:

The BPIP-12 document specifies that the expected meta-transaction function signature for operations involving token transfer authorizations is executeMetaTransactionWithTokenTransferAuthorization(address, bytes, bytes32, bytes32, bytes32, uint8, bytes[]) yet the codebase uses a different, more efficient function signature.

Example:

contracts/protocol/facets/MetaTransactionsHandlerFacet.sol
329function executeMetaTransactionWithTokenTransferAuthorization(
330 address _userAddress,
331 string calldata _functionName,
332 bytes calldata _functionSignature,
333 uint256 _nonce,
334 bytes calldata _signature,
335 bytes calldata _tokenTransferAuthorization
336) external payable override metaTransactionsNotPaused returns (bytes memory) {
337 TokenTransferAuthorizationLib.loadQueue(_tokenTransferAuthorization);
338 bytes memory result = _executeMetaTx(_userAddress, _functionName, _functionSignature, _nonce, _signature);
339 // Always clear the queue on the success path so leftover entries (e.g.
340 // when the inner call consumed fewer entries than the queue carried)
341 // don't leak into a later protocol call in the same transaction. On
342 // revert, EIP-1153 already rolls transient writes back, so no clear
343 // is needed there.
344 TokenTransferAuthorizationLib.clearQueue();
345 return result;
346}

Recommendation:

We advise the updated function signature to be reflected in the BPIP-12 document.

Alleviation (8fccc2716047809e4bc7786c95d346e5c61b2896):

The BPIP-12 definition has been updated to match the function signature highlighted which has also been updated, addressing this exhibit.