Omniscia Evergon Labs Audit
DoRecoverErc1155FractionsFacet Manual Review Findings
DoRecoverErc1155FractionsFacet Manual Review Findings
DRE-01M: Inexistent Application of Call States
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | DoRecoverErc1155FractionsFacet.sol: • I-1: L13 • I-2: L14 |
Description:
The referenced function implementations are meant to be invoked via delegatecall operations of the protocol's Diamond implementation yet do not apply any modifiers.
Impact:
As the functions are empty, the enforcement of those modifiers is a matter of standardization rather than security.
Example:
packages/contracts/contracts/subInternalFacets/recoverFractionsPhaseFacets/doRecoverFractionsFacets/doRecoverErc1155FractionsFacet/DoRecoverErc1155FractionsFacet.sol
13function initDoRecoverFractionsFacet(bytes calldata initDoRecoverFractionsData) external {}14function setAndCheckDoRecoverFractions(bytes calldata postFractionDoRecoverFractionsData) external {}Recommendation:
We advise the appropriate DelegateCallee modifiers to be enforced, preventing unauthorized access of those functions.
Alleviation (d682057ecb0e254069773d64f32c068cedb71e2a):
The expected call states of each function are now appropriately enforced via the DelegateCallee dependency.