Omniscia Evergon Labs Audit
OmnichainBaseDataObject Manual Review Findings
OmnichainBaseDataObject Manual Review Findings
OBD-01M: Improper Refund Address
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | OmnichainBaseDataObject.sol:L92 |
Description:
The referenced OmnichainProxy function invocation will assume that the caller themselves owns the same address on the target chain which is incorrect as many L2s employ address masking, especially in the context of smart contract refund recipients (i.e. multi-signature wallets).
Impact:
A cross-chain message's surplus or failure may result in unspent native funds being erroneously sent to an incorrect / inaccessible refund recipient, resulting in minor fund loss.
Example:
contracts/dataobjects/omnichain/OmnichainBaseDataObject.sol
79function setOmnichainDataIndexImplementation(DataPoint dp, address newImpl) public payable virtual {80 if (address(_proxy) == address(0)) revert ZeroProxyAddress();81
82 _requireDataIndexImplIsValid(newImpl);83
84 (uint32 chainId, , ) = DataPoints.decode(dp);85 ChainidTools.requireNotCurrentChain(chainId);86
87 bytes32 rid = _proxy.queryIsDataPointAdmin{value: msg.value}(88 dp,89 msg.sender,90 IS_DATAPOINT_ADMIN_GAS_LIMIT,91 IS_DATAPOINT_ADMIN_CALLBACK_GAS_LIMIT,92 payable(msg.sender)93 );94
95 _callbackData[rid] = OmnichainCallbackHandlerData({96 operation: CallbackOperation.IS_DATAPOINT_ADMIN_RESPONSE,97 opData: abi.encode(dp, newImpl, msg.sender)98 });99}Recommendation:
We advise the system to permit a different refund address to be specified, ensuring that message refund operations are executed correctly.
Alleviation (c6b23c23d8bcd8cce85049ad959cbd711a37126b):
The OmnichainBaseDataObject::setOmnichainDataIndexImplementation function was updated to include a user-defined refundAddress, addressing this exhibit.