Omniscia Evergon Labs Audit

BaseDataObject Manual Review Findings

BDO-01M: Potential of Function Failure

Type	Severity	Location
Logical Fault		BaseDataObject.sol:L203-L207

Description:

The BaseDataObject::_tryDiid function is meant to securely invoke the IDataIndex::diid function, however, it might still fail if the data yielded by the function does not satisfy the bytes32 expected (i.e. yielding an empty payload) or if the function's code runs out of gas.

Impact:

A malfunctioning dataIndexImplementation might result in the BaseDataObject::_tryDiid function failing even though it should not.

Example:

contracts/dataobjects/BaseDataObject.sol

200function _tryDiid(DataPoint dp, address account) internal view returns (bytes32) {
201    (bool success, IDataIndex dataIndexImplementation) = _tryDataIndex(dp);
202    if (!success) return 0;
203    try dataIndexImplementation.diid(account, dp) returns (bytes32 diid) {
204        return diid;
205    } catch {
206        return 0;
207    }
208}

Recommendation:

We advise the code to securely invoke the function using an explicit gas limit as well as a limit on the return data expected, such as by utilizing the ExcessivelySafeCall library.

Alleviation (c6b23c23d8bcd8cce85049ad959cbd711a37126b):

The code was refactored to utilize a low-level static-call with an expected payload length via the relevant SafeCall library of LayerZero, fully alleviating this exhibit.

Omniscia Evergon Labs Audit

BaseDataObject Manual Review Findings

BaseDataObject Manual Review Findings

BDO-01M: Potential of Function Failure

Description:

Impact:

Example:

Recommendation:

Alleviation (c6b23c23d8bcd8cce85049ad959cbd711a37126b):

AccessManagerOmnichainInternal.sol (AML-M)

ERC1155Burnable.sol (ERR-M)

On this page