Omniscia Evergon Labs Audit
DoForceUnlockOnNonFundedFacet Manual Review Findings
DoForceUnlockOnNonFundedFacet Manual Review Findings
DFU-01M: Inexistent Application of Call States
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | DoForceUnlockOnNonFundedFacet.sol: • I-1: L24 • I-2: L25 |
Description:
The referenced function implementations are meant to be invoked via delegatecall operations of the protocol's Diamond implementation yet do not apply any modifiers.
Impact:
As the functions are empty, the enforcement of those modifiers is a matter of standardization rather than security.
Example:
packages/contracts/contracts/subInternalFacets/forceUnlockOnNonFundedFacets/doForceUnlockOnNonFundedFacets/doForceUnlockOnNonFunded/DoForceUnlockOnNonFundedFacet.sol
24function initDoForceUnlockOnNonFundedFacet(bytes calldata initDoForceUnlockOnNonFundedData) external {}25function setAndCheckDoForceUnlockOnNonFunded(bytes calldata postFractionDoForceUnlockOnNonFundedData) external {}Recommendation:
We advise the appropriate DelegateCallee modifiers to be enforced, preventing unauthorized access of those functions.
Alleviation (d682057ecb0e254069773d64f32c068cedb71e2a):
The expected call states of each function are now appropriately enforced via the DelegateCallee dependency.