Omniscia Evergon Labs Audit

PostPurchaseStakeFacet Manual Review Findings

PPS-01M: Inexistent Integration of EIP-2771 Caller

Type	Severity	Location
Standard Conformity		PostPurchaseStakeFacet.sol:L27-L31

Description:

The overall Evergon Labs tokenizer will integrate the ERC2771RecipientStorage system to evaluate a function's caller yet the PostPurchaseStakeFacet::setPostPurchaseStakeFacet does not do so.

Impact:

The PostPurchaseStakeFacet represents one of a few if not the only facet that does not integrate the EIP-2771 standard for caller validation.

Example:

packages/contracts/contracts/internalFacets/purchasePhaseFacets/postPurchaseFacets/stakeFractions/PostPurchaseStakeFacet.sol

27function setPostPurchaseStakeFacet(uint256 campaignId, bytes calldata setPostPurchaseStakeData) external onlyExternalDelegateCall {
28    if (msg.sender != GeneralStorage.layout().infoForId[campaignId].creator) revert SetFromNonCreatorAccount(msg.sender);
29
30    PostPurchaseStakeFacetStorage.layout().setPostPurchaseStakeFacet(campaignId, setPostPurchaseStakeData);
31}

Recommendation:

We advise the same approach to be utilized, permitting EIP-2771 creators to interact with the PostPurchaseStakeFacet::setPostPurchaseStakeFacet function.

Alleviation (71cda4ccfdcfa25fb96a4565f1f8143b350dd246):

The EIP-2771 based caller is utilized for the PostPurchaseStakeFacet::setPostPurchaseStakeFacet function call, alleviating this exhibit.

Omniscia Evergon Labs Audit

PostPurchaseStakeFacet Manual Review Findings

PostPurchaseStakeFacet Manual Review Findings

PPS-01M: Inexistent Integration of EIP-2771 Caller

Description:

Impact:

Example:

Recommendation:

Alleviation (71cda4ccfdcfa25fb96a4565f1f8143b350dd246):

OneBorderTimeFacetStorage.sol (OBF-M)

PostPurchaseStakeFacetStorage.sol (PPF-M)

On this page