Omniscia Evergon Labs Audit
AssetUnwrapperFacetStorage Manual Review Findings
AUS-01M: Incorrect State Evaluation
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | AssetUnwrapperFacetStorage.sol:L64 |
Description:
The AssetUnwrapperFacetStorage::claimAssetsAfterNonFunded function validates that the campaign is not in the non-funded state, the inverse of what its name and the NotInNonFundedState error indicate, permitting the creator of a campaign to unwrap its assets at any point in time.
Impact:
The creator of a campaign can unwrap all underlying assets as long as it is not in a non-funded state.
Example:
packages/contracts/contracts/withdrawalFacets/AssetUnwrapperFacetStorage.sol
```solidity
function claimAssetsAfterNonFunded(Layout storage l, uint256 campaignId, address account) internal {
    GeneralStorage.Layout storage gs = GeneralStorage.layout();

    if (account != gs.infoForId[campaignId].creator) revert NonCreatorAccount(account);
    // AssetUnwrapperFacetStorage.sol:L64 - reverts when the campaign IS in the non-funded state
    if (l.nonFundedState == StateFacetStorage.layout().stateOfId[campaignId]) {
        revert NotInNonFundedState(l.nonFundedState, StateFacetStorage.layout().stateOfId[campaignId]);
    }

    address fractionsContract = gs.infoForId[campaignId].fractionsContract;

    IFraction(fractionsContract).forceFullyUnlockWrappedAssets(account);
}
```
Recommendation:
We advise this to be corrected by adjusting the conditional to be an inequality case instead.
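The audited guard beside the recommended inequality, as an added example that is not code from the audited project or from the audit itself. The `GuardModel` contract, its `State` enum and all function names are assumptions standing in for the facet's storage layout, and the final function is a regression check that sweeps every state.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Simplified model (assumption): one creator, three constructed campaign states.
contract GuardModel {
    enum State { Funding, Funded, NonFunded }

    error NonCreatorAccount(address account);
    error NotInNonFundedState(State expected, State actual);

    State public constant NON_FUNDED = State.NonFunded;
    address public immutable creator;
    mapping(uint256 => State) public stateOfId;

    constructor() { creator = msg.sender; }

    // Guard as audited at L64: reverts only when the campaign IS non-funded.
    function guardAsAudited(uint256 campaignId, address account) public view {
        if (account != creator) revert NonCreatorAccount(account);
        if (NON_FUNDED == stateOfId[campaignId]) {
            revert NotInNonFundedState(NON_FUNDED, stateOfId[campaignId]);
        }
    }

    // Guard per the recommendation: reverts unless the campaign is non-funded.
    function guardCorrected(uint256 campaignId, address account) public view {
        if (account != creator) revert NonCreatorAccount(account);
        if (NON_FUNDED != stateOfId[campaignId]) {
            revert NotInNonFundedState(NON_FUNDED, stateOfId[campaignId]);
        }
    }

    // Regression check: true only if the corrected guard passes in NonFunded
    // and reverts in every other state. Model-only helper, no access control.
    function correctedPassesOnlyInNonFunded(uint256 campaignId) external returns (bool) {
        for (uint8 i = 0; i <= uint8(State.NonFunded); i++) {
            stateOfId[campaignId] = State(i);
            bool passed;
            try this.guardCorrected(campaignId, creator) { passed = true; } catch { passed = false; }
            if (passed != (State(i) == State.NonFunded)) return false;
        }
        return true;
    }
}
```

Running the same sweep against `guardAsAudited` yields the opposite result: it passes in every state except `NonFunded`, which is the behaviour the exhibit describes.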
Alleviation (71cda4ccfdcfa25fb96a4565f1f8143b350dd246):
The vulnerability was corrected per our recommendation in an earlier commit hash; however, the contract is no longer part of the codebase in the latest commit, rendering the exhibit addressed indirectly.
