Omniscia Boson Protocol Audit

TokenTransferAuthorizationLib Manual Review Findings

TokenTransferAuthorizationLib Manual Review Findings

TTA-01M: Potentially Restrictive Panic

Description:

The TokenTransferAuthorizationLib::consumeForTransfer function will attempt to decode token transfer authorization strategies and revert via a panic if an unknown TokenTransferAuthorizationStrategy enum is provided.

As the Boson Protocol codebase is deployed across multiple chains, certain chains might have different authorization strategies with some possessing more than others. In such cases, the construction of transactions would be burdensome as, depending on the network, different payloads would have to be created to avoid this revert.

Example:

contracts/protocol/libs/TokenTransferAuthorizationLib.sol
186// Decoding as the enum makes Solidity range-check the tag for us: any
187// value outside `TokenTransferAuthorizationStrategy`'s declared range
188// trips `Panic(0x21)` inside `abi.decode`. The dispatch below therefore
189// only needs to handle the four known strategies and can fall through
190// to `return false` for `None`.
191(BosonTypes.TokenTransferAuthorizationStrategy strategy, bytes memory data) = abi.decode(
192 entry,
193 (BosonTypes.TokenTransferAuthorizationStrategy, bytes)
194);

Recommendation:

We advise the code to instead return false if the decoding operation is not possible, optimizing the protocol's cross-chain usage.

Alleviation (8fccc2716047809e4bc7786c95d346e5c61b2896):

The Boson Protocol team evaluated this exhibit and clarified that the strategies they employ cross-chain are consistent and that reverting is the correct course of action for the current deployment expected, with intentions to add graceful handling if the cross-chain deployments deviate in their strategies.

As such, we consider this exhibit safely acknowledged.

TTA-02M: Inexistent Support of DAI Permit

Description:

The codebase is meant to be compatible with DAI as indicated by the presence of the DAIAliases file and the SudoswapWrapper yet does not support its permit flow.

Impact:

The DAI token permit is currently unsupported by the Boson Protocol system even though DAI itself is actively used in the protocol.

Example:

contracts/protocol/libs/TokenTransferAuthorizationLib.sol
239function _consumeEIP2612(address _token, address _from, address _to, uint256 _amount, bytes memory _data) private {
240 (uint256 deadline, uint8 v, bytes32 r, bytes32 s) = abi.decode(_data, (uint256, uint8, bytes32, bytes32));
241 if (IERC20(_token).allowance(_from, _to) != _amount) {
242 IERC2612(_token).permit(_from, _to, _amount, deadline, v, r, s);
243 }
244 IERC20(_token).safeTransferFrom(_from, _to, _amount);
245}

Recommendation:

We advise the DAI-specific permit signature and flow to be supported similarly to the existing EIP-2612 permit flow.

Alleviation (8fccc2716047809e4bc7786c95d346e5c61b2896):

Proper support for DAI-like permits has been introduced by merging EIP-2612 and DAI-like permit functionality into a single TokenTransferAuthorizationLib::_consumePermit handler, alleviating this exhibit.