Omniscia Evergon Labs Audit
Erc1155InputFacetStorage Manual Review Findings
EIG-01M: Improper Configuration of Required Packets
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | Erc1155InputFacetStorage.sol:L135-L153 |
Description:
The `Erc1155InputFacetStorage::setCampaignTransferInput` function will improperly configure the `amountPerPacket` required by a particular EIP-1155 asset, as it creates a token-to-amount association rather than a token-to-ID-to-amount association. As a result, packet amounts previously configured for an asset are overwritten by the latest ones defined to the system.
Impact:
A campaign that uses multiple IDs of the same EIP-1155 asset will be unable to configure distinct amounts per packet for each token ID, and will instead utilize the latest configured amount for all token IDs.
Example:
```solidity
InputPacket storage campaignPacketInfo = l.campaignsPacketInfo[campaignId];

campaignPacketInfo.tokenIds = tokenIds_;

campaignPacketInfo.tokenAddresses = new address[](length);

for (uint256 i = 0; i < length; i++) {
    address tokenAddress = tokenAddresses_[i];
    uint256 amountPerPacket = amountOfTokensPerPacket_[i];

    if (tokenAddress == address(0)) {
        revert InvalidZeroInputPacketAddressData(campaignId, i);
    }
    if (amountPerPacket == 0) {
        revert InvalidZeroInputPacketAmountData(campaignId, i);
    }

    // Call InputAssetKeeper for approval
    bytes memory data = abi.encodeWithSignature("setApprovalForAll(address,bool)", address(this), true);

    ICampaignAssetManager(campaignInfo.inputAssetKeeper).execute(tokenAddress, data);

    campaignPacketInfo.tokenAddresses[i] = tokenAddress;
    campaignPacketInfo.amountOfTokensPerPacket[tokenAddress] = amountPerPacket;
}
```
Recommendation:
We advise the code to properly retain a distinct entry per token and per token ID, ensuring that multiple IDs under the same EIP-1155 asset can have varying amounts required per packet, which is a canonical use-case scenario of a staking system.
To note, care should be taken to avoid similar, albeit less severe, complications outlined in the EIP-20 input configuration function in relation to duplicate entries.
Alleviation (b64b659786cf3c84bea52feb3a69f546ba3601f0):
The mapping relation was updated to support a token-to-NFT-ID-to-packet association as expected, alleviating this exhibit in full.
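The following Solidity sketch is an added example, not the Evergon Labs code or the actual fix commit; it places the token-to-amount keying described in this exhibit beside a token-to-ID-to-amount keying so the overwrite can be observed. The contract name, error names, function signature and storage layout are all hypothetical, and it assumes each campaign is configured once.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration: all names and the storage layout are hypothetical.
// Access control and the approval call of the real function are omitted.
contract PacketAmountKeying {
    error LengthMismatch();
    error ZeroAmount(uint256 index);
    error DuplicateEntry(address token, uint256 id);

    // Flawed shape from the exhibit: campaign => token => amount.
    mapping(uint256 => mapping(address => uint256)) public flatAmount;

    // Corrected shape: campaign => token => token ID => amount.
    mapping(uint256 => mapping(address => mapping(uint256 => uint256))) public keyedAmount;

    function configure(
        uint256 campaignId,
        address[] calldata tokens,
        uint256[] calldata ids,
        uint256[] calldata amounts
    ) external {
        if (tokens.length != ids.length || ids.length != amounts.length) {
            revert LengthMismatch();
        }

        for (uint256 i = 0; i < tokens.length; i++) {
            if (amounts[i] == 0) revert ZeroAmount(i);

            // Flawed write: a later ID of the same token silently replaces
            // the amount stored for an earlier ID.
            flatAmount[campaignId][tokens[i]] = amounts[i];

            // Corrected write: amounts are non-zero, so a non-zero slot means
            // this (token, id) pair was already configured; reject it instead
            // of overwriting, which also covers duplicate entries.
            if (keyedAmount[campaignId][tokens[i]][ids[i]] != 0) {
                revert DuplicateEntry(tokens[i], ids[i]);
            }
            keyedAmount[campaignId][tokens[i]][ids[i]] = amounts[i];
        }
    }
}
```

Calling `configure` with the same token address twice, IDs `[1, 2]` and amounts `[10, 25]`, leaves `flatAmount` returning 25 for that token regardless of ID, while `keyedAmount` returns 10 for ID 1 and 25 for ID 2.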
