Omniscia Evergon Labs Audit
CheckAndJumpToNonFundedFacetStorage Manual Review Findings
CAT-01M: Potentially Unconfigured Restriction
| Type | Severity | Location |
|---|---|---|
| Logical Fault | | CheckAndJumpToNonFundedFacetStorage.sol:L61-L62 |
Description:
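The `CheckAndJumpToNonFundedFacetStorage::checkAndJumpToNonFunded` function mandates that the purchase phase has ended; however, it does not validate that the phase was configured in the first place. An `endingTimestamp` of zero never satisfies `endingTimestamp >= block.timestamp`, so the check on L62 does not revert for it.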
Impact:
A campaign with an undefined purchase phase and a state equal to the `interferenceState` can be advanced as if the purchase phase had ended.
Example:
packages/contracts/contracts/subSkeletonFacets/subConnectors/purchaseToNonFundedConnectors/checkAndJumpToNonFunded/CheckAndJumpToNonFundedFacetStorage.sol
```
59 function checkAndJumpToNonFunded(Layout storage l, uint256 campaignId) internal {
60     // Check if purchase phase has ended.
61     (, uint256 endingTimestamp) = IPurchaseTimeFacet(address(this)).getPurchaseTimes(campaignId);
62     if (endingTimestamp >= block.timestamp) revert NonFinishedPurchaseDuration();
63
64     // Check that amount is not reached.
65     if (IPurchaseAmountFacet(address(this)).isTotalAmountValid(campaignId)) revert InvalidAmountsForNonFunded();
66
67     // change state to non funded
68     IStateFacet(address(this)).changeState(campaignId, l.interferenceState, l.destinationState);
69 }
```
Recommendation:
We advise the system to ensure that the purchase phase has been explicitly configured by requiring that the `endingTimestamp` is non-zero, preventing an uninitialized purchase phase from being considered as having elapsed.
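The recommended guard placed beside the audited comparison, as an added example that is not the Evergon Labs code or its fix. The contract name, the `endingTimestampOf` mapping that stands in for `getPurchaseTimes`, the setter, and the `UnconfiguredPurchaseDuration` error are hypothetical; the mapping assumes an unset campaign reads back as zero.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration only. Storage layout and UnconfiguredPurchaseDuration
/// are hypothetical stand-ins, not names from the audited code base.
contract PurchasePhaseGuardExample {
    error NonFinishedPurchaseDuration();  // name as it appears in the audited snippet
    error UnconfiguredPurchaseDuration(); // hypothetical error for the added guard

    // Hypothetical stand-in for IPurchaseTimeFacet.getPurchaseTimes:
    // a campaign that was never configured reads as 0.
    mapping(uint256 => uint256) private endingTimestampOf;

    function setEndingTimestamp(uint256 campaignId, uint256 endingTimestamp) external {
        endingTimestampOf[campaignId] = endingTimestamp;
    }

    /// Comparison as audited: for an unconfigured campaign endingTimestamp is 0,
    /// `0 >= block.timestamp` is false, and the call returns instead of reverting.
    function checkAsAudited(uint256 campaignId) external view returns (bool) {
        uint256 endingTimestamp = endingTimestampOf[campaignId];
        if (endingTimestamp >= block.timestamp) revert NonFinishedPurchaseDuration();
        return true;
    }

    /// Comparison with the recommended guard: a zero timestamp is rejected
    /// before it can be interpreted as "phase already elapsed".
    function checkWithGuard(uint256 campaignId) external view returns (bool) {
        uint256 endingTimestamp = endingTimestampOf[campaignId];
        if (endingTimestamp == 0) revert UnconfiguredPurchaseDuration();
        if (endingTimestamp >= block.timestamp) revert NonFinishedPurchaseDuration();
        return true;
    }
}
```

For a campaign id that was never passed to `setEndingTimestamp`, `checkAsAudited` returns `true` while `checkWithGuard` reverts; for a configured campaign the two behave identically.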
Alleviation (71cda4ccfdcfa25fb96a4565f1f8143b350dd246):
The code properly ensures that an endingTimestamp has been configured for the relevant campaign, properly validating that the purchase phase has been defined.
