Omniscia Evergon Labs Audit
Erc1155RewardTransferFacetStorage Manual Review Findings
ERO-01M: Improper Configuration of Required Packets
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | Erc1155RewardTransferFacetStorage.sol:L157 |
Description:
The Erc1155RewardTransferFacetStorage::setCampaignTransferRewards function improperly configures the amountPerPacket required by a particular EIP-1155 asset: it creates a token-to-amount association rather than a token-to-ID-to-amount association, so the latest amount defined for a token overwrites any packet amount previously configured for it.
Impact:
A campaign that uses multiple IDs of the same EIP-1155 asset will be unable to configure distinct amounts per packet for each token ID, and will instead utilize the latest configured amount for all token IDs.
Example:
```solidity
135 RewardPacket storage campaignPacketInfo = l.campaignsPacketInfo[campaignId];
136
137 campaignPacketInfo.tokenIds = tokenIds_;
138 campaignPacketInfo.tokenAddresses = new address[](length);
139
140 for (uint256 i = 0; i < length; i++) {
141     address tokenAddress = tokenAddresses_[i];
142     uint256 amountPerPacket = amountOfTokensPerPacket_[i];
143
144     if (tokenAddress == address(0)) {
145         revert InvalidZeroRewardPacketAddressData(campaignId, i);
146     }
147     if (amountPerPacket == 0) {
148         revert InvalidZeroRewardPacketAmountData(campaignId, i);
149     }
150
151     // Call Reward Asset Handler for approval
152     bytes memory data = abi.encodeWithSignature("setApprovalForAll(address,bool)", address(this), true);
153
154     ICampaignAssetManager(campaignInfo.rewardAssetHandler).execute(tokenAddress, data);
155
156     campaignPacketInfo.tokenAddresses[i] = tokenAddress;
157     campaignPacketInfo.amountOfTokensPerPacket[tokenAddress] = amountPerPacket;
158 }
```
Recommendation:
We advise the code to retain a distinct entry per token and per token ID, ensuring that multiple IDs under the same EIP-1155 asset can have varying amounts required per packet, which is a canonical use-case scenario of a staking system.
To note, care should be taken to avoid the similar, albeit less severe, complications in relation to duplicate entries that are outlined for the EIP-20 reward configuration function.
Alleviation (b64b659786cf3c84bea52feb3a69f546ba3601f0):
The mapping relation was updated to support a token to NFT ID to packet association as expected, alleviating this exhibit in full.
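The token-to-ID-to-amount association described above, with a check for duplicate (token, ID) entries, as an added example that is not the audited project's code. The contract, struct, function and error names are hypothetical, and access control and the approval call to the reward asset handler are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration; every name here is hypothetical, not taken from the audited code base.
contract PacketConfigExample {
    error LengthMismatch();
    error ZeroAddress(uint256 index);
    error ZeroAmount(uint256 index);
    error DuplicateEntry(uint256 index);

    struct RewardPacket {
        address[] tokenAddresses;
        uint256[] tokenIds;
        // token address => token ID => amount required per packet
        mapping(address => mapping(uint256 => uint256)) amountPerPacket;
    }

    // campaignId => packet configuration
    mapping(uint256 => RewardPacket) private packets;

    // Assumption: a campaign is configured once and the caller is already authorised.
    function setRewards(
        uint256 campaignId,
        address[] calldata tokens,
        uint256[] calldata ids,
        uint256[] calldata amounts
    ) external {
        uint256 length = tokens.length;
        if (ids.length != length || amounts.length != length) revert LengthMismatch();

        RewardPacket storage p = packets[campaignId];
        for (uint256 i = 0; i < length; i++) {
            if (tokens[i] == address(0)) revert ZeroAddress(i);
            if (amounts[i] == 0) revert ZeroAmount(i);
            // Amounts are never zero, so a non-zero slot means this (token, ID) pair was already set.
            if (p.amountPerPacket[tokens[i]][ids[i]] != 0) revert DuplicateEntry(i);

            p.amountPerPacket[tokens[i]][ids[i]] = amounts[i];
            p.tokenAddresses.push(tokens[i]);
            p.tokenIds.push(ids[i]);
        }
    }

    function amountFor(uint256 campaignId, address token, uint256 id) external view returns (uint256) {
        return packets[campaignId].amountPerPacket[token][id];
    }
}
```

Configuring the same token address with IDs 1 and 2 and amounts 5 and 10 leaves both amounts readable through amountFor, whereas a token-to-amount mapping would return 10 for both IDs.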
