Omniscia Evergon Labs Audit
FundingErc20PacketsFacet Manual Review Findings
FundingErc20PacketsFacet Manual Review Findings
FEP-01M: Misleading Function Purpose
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | FundingErc20PacketsFacet.sol:L36 |
Description:
The FundingErc20PacketsFacet::initFundingPacketFacet function specifies that it expects a specific encoded format as its input and that it performs certain actions that it ultimately does not.
Impact:
The FundingErc20PacketsFacet implementation is meant to restrict EIP-20 assets that are permitted via it yet fails to do so.
Example:
30/**31 * @notice Initializes the `FundingErc20PacketsFacetStorage` by setting the approved ERC20 tokens.32 * @dev These tokens serve as valid funding currencies within the platform.33 * @param initFundingPacketData The ABI-encoded data containing the following:34 * `approvedTokens`: An array of ERC20 token addresses approved for inclusion in input packets.35 */36function initFundingPacketFacet(bytes calldata initFundingPacketData) external onlyExternalDelegateCall {}Recommendation:
We advise the code to be updated to either perform the tasks it advertises (i.e. whitelisting of approved EIP-20 addresses for inclusion as packets), or the documentation and explicit variable name to be omitted.
Alleviation (d682057ecb0e254069773d64f32c068cedb71e2a):
The Evergon Labs team evaluated this exhibit and opted to correct the documentation instead as no restriction is meant to be imposed.
As such, we consider the exhibit nullified as the original behaviour of the code was correct and its documentation was outdated.