Omniscia Evergon Labs Audit

MarginCallSubSkeletonNID Manual Review Findings

MarginCallSubSkeletonNID Manual Review Findings

MCN-01M: Inexistent Integration of NID System

Description:

The MarginCallSubSkeletonNID inherits from the TxAuthDataVerifierFacet yet does not apply the TxAuthDataVerifierFacet::requireTxDataAuth modifier to the MarginCallSubSkeletonNID::addMargin function.

Impact:

The MarginCallSubSkeletonNID::addMargin function does not actually integrate the NID transaction data authorization system.

Example:

packages/contracts/contracts/subSkeletonFacets/NID/MarginCallSubSkeletonNID.sol
39/**
40 * @notice AddMargin
41 * @dev Called by users to avoid liquidation by adding margin
42 * @param campaignId The ID of the associated fractions
43 * @param marginAmount The amount to add as margin
44 */
45function addMargin(uint256 campaignId, uint256 marginAmount) external onlyExternalDelegateCall {
46    IMarginCallStateFacet(address(this)).checkMarginCallState(campaignId);
47    IMarginCallTimeFacet(address(this)).checkMarginCallTimes(campaignId);
48    address account = ERC2771RecipientStorage.layout()._msgSender();
49    IMarginCallAmountFacet(address(this)).handleMarginCallAmounts(campaignId, marginAmount);
50    IDoAddMarginFacet(address(this)).doAddMargin(campaignId, account, marginAmount);
51

52    emit MarginAdded(campaignId, account, marginAmount);
53}

Recommendation:

We advise it to be properly applied, ensuring that the NID system's data authorization mechanism is properly integrated.

Alleviation (71cda4ccfdcfa25fb96a4565f1f8143b350dd246):

The proper TxAuthDataVerifierFacet::requireTxDataAuth modifier is imposed by the function in the latest implementation, addressing this exhibit.

Prev

LiquidationForceUnlockFacet.sol (LFU-M)

Next

OneBorderTimeFacetStorage.sol (OBF-M)

On this page