Omniscia Evergon Labs Audit

ReceiveSkeletonNID Manual Review Findings

RSI-01M: Inexistent Integration of NID System

Type	Severity	Location
Logical Fault		ReceiveSkeletonNID.sol:L42

Description:

The ReceiveSkeletonNID inherits from the TxAuthDataVerifierFacet yet does not apply the TxAuthDataVerifierFacet::requireTxDataAuth modifier to the ReceiveSkeletonNID::receiveFunds function.

Impact:

The ReceiveSkeletonNID::receiveFunds function does not actually integrate the NID transaction data authorization system.

Example:

packages/contracts/contracts/skeletonFacets/NID/ReceiveSkeletonNID.sol

37/**
38 * @notice ReceiveFunds
39 * @dev Called by funds receiver to receive funds gathered on purchase phase.
40 * @param campaignId The state campaignId.
41 */
42function receiveFunds(uint256 campaignId) external onlyExternalDelegateCall {
43    IReceiveStateFacet(address(this)).checkReceiveState(campaignId);
44    address account = ERC2771RecipientStorage.layout()._msgSender();
45    IDoReceiveFacet(address(this)).doReceive(campaignId, account);
46
47    emit FundsReceived(campaignId, account);
48}

Recommendation:

We advise it to be properly applied, ensuring that the NID system's data authorization mechanism is properly integrated.

Alleviation (71cda4ccfdcfa25fb96a4565f1f8143b350dd246):

The proper TxAuthDataVerifierFacet::requireTxDataAuth modifier is imposed by the function in the latest implementation, addressing this exhibit.

Omniscia Evergon Labs Audit

ReceiveSkeletonNID Manual Review Findings

ReceiveSkeletonNID Manual Review Findings

RSI-01M: Inexistent Integration of NID System

Description:

Impact:

Example:

Recommendation:

Alleviation (71cda4ccfdcfa25fb96a4565f1f8143b350dd246):

ReceiveAllGatheredFundsFacet.sol (RAG-M)

ReturnFungAndSemiFungFractionsOmnichainFacet.sol (RFS-M)

On this page