Omniscia Myso Finance Audit
Router Manual Review Findings
RRE-01M: Inexistent Support of Underlying Token Fee Fulfillment
Type | Severity | Location |
---|---|---|
Logical Fault | ![]() | Router.sol:L195-L201, L204-L208 |
Description:
The `Router::exercise` function permits the caller to exercise an option without supplying payment in the settlement token. However, fees are always captured in the settlement token, so the caller needs settlement token funds regardless of how they exercise their option.
Impact:
The system does not presently support underlying-token-only option exercises because fees are captured in the settlement token denomination in all cases.
Example:
```solidity
function exercise(
    address escrow,
    address underlyingReceiver,
    uint256 underlyingAmount,
    bool payInSettlementToken,
    bytes[] memory oracleData
) external {
    if (!isEscrow[escrow]) {
        revert Errors.NotAnEscrow();
    }
    (
        address settlementToken,
        uint256 settlementAmount,
        uint256 exerciseFeeAmount
    ) = IEscrow(escrow).handleExercise(
            msg.sender,
            underlyingReceiver,
            underlyingAmount,
            payInSettlementToken,
            oracleData
        );
    // Router.sol L195-L201: the settlement payment is only pulled when requested
    if (payInSettlementToken) {
        IERC20Metadata(settlementToken).safeTransferFrom(
            msg.sender,
            IEscrow(escrow).owner(),
            settlementAmount
        );
    }
    address _feeHandler = feeHandler;
    if (_feeHandler != address(0) && exerciseFeeAmount > 0) {
        // Router.sol L204-L208: the fee is pulled in the settlement token in every case
        IERC20Metadata(settlementToken).safeTransferFrom(
            msg.sender,
            feeHandler,
            exerciseFeeAmount
        );
        IFeeHandler(_feeHandler).provisionFees(
            settlementToken,
            exerciseFeeAmount
        );
    }
    emit Exercise(
        msg.sender,
        escrow,
        underlyingReceiver,
        underlyingAmount,
        exerciseFeeAmount
    );
}
```
Recommendation:
We advise the system to permit underlying-only option exercises by allowing the fee to be captured in either the settlement or the underlying token.
Alleviation (d9eb549dcca601db1fa91336ebe4d08fa8f2908b):
The Myso Finance team evaluated this exhibit and opted to acknowledge it as desirable behaviour given that they wish "outside capital" to be utilized to fulfil exercise fees.
As such, we consider this exhibit nullified as it describes the system's intended design.
RRE-02M: Potentially Unsupported Legacy EIP-1271 Wallets
Type | Severity | Location |
---|---|---|
Standard Conformity | ![]() | Router.sol:L24-L25, L731-L741 |
Description:
The EIP-1271 standard has undergone several iterations, and certain Gnosis wallets support the legacy `0x20c13b0b` function selector as a magic value, which corresponds to the old `bytes4(keccak256("isValidSignature(bytes,bytes)"))` implementation.
Impact:
A subset of legacy EIP-1271 implementors will not be compatible with the `Router` contract due to utilizing a legacy function selector and magic value for their EIP-1271 signature validation flows.
Example:
```solidity
function _checkEIP1271Signature(
    address erc1271Wallet,
    bytes32 msgHash,
    bytes calldata signature
) internal view returns (bool isValid) {
    // Router.sol L731-L741: only the current selector and magic value are tried
    (bool success, bytes memory returnData) = erc1271Wallet.staticcall(
        abi.encodeWithSelector(
            EIP1271_IS_VALID_SELECTOR,
            msgHash,
            signature
        )
    );
    if (success && returnData.length == 32) {
        bytes4 result = abi.decode(returnData, (bytes4));
        return result == 0x1626ba7e;
    }
    return false;
}
```
Recommendation:
We advise the system to support both EIP-1271 systems, ensuring wider compatibility of the EIP-1271 signature verification workflow.
Alleviation (d9eb549dcca601db1fa91336ebe4d08fa8f2908b):
The Myso Finance team evaluated this exhibit and stated that they wish to acknowledge it as they consider legacy EIP-1271 wallets to be out-of-scope of the MYSO v3 implementation.
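A check that tries both interfaces named in the RRE-02M recommendation, as an added example that is not code from `Router.sol` or the Myso Finance repository. The library and function names are hypothetical, and passing the hash to the legacy function as `abi.encode(msgHash)` is an assumption about what the legacy wallet expects in its `bytes` argument.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

/// Added illustration, not Router.sol code. Names are hypothetical.
library DualEIP1271 {
    // Current EIP-1271: bytes4(keccak256("isValidSignature(bytes32,bytes)"))
    bytes4 internal constant CURRENT_MAGIC = 0x1626ba7e;
    // Legacy variant: bytes4(keccak256("isValidSignature(bytes,bytes)"))
    bytes4 internal constant LEGACY_MAGIC = 0x20c13b0b;

    function isValid(
        address wallet,
        bytes32 msgHash,
        bytes memory signature
    ) internal view returns (bool) {
        // 1. Current interface. In both variants the magic value equals
        //    the function selector, so one constant serves as both.
        if (
            _probe(
                wallet,
                abi.encodeWithSelector(CURRENT_MAGIC, msgHash, signature),
                CURRENT_MAGIC
            )
        ) {
            return true;
        }
        // 2. Legacy interface. Assumption: the 32-byte hash is supplied as
        //    the `bytes` data argument, encoded with abi.encode(msgHash).
        return _probe(
            wallet,
            abi.encodeWithSelector(LEGACY_MAGIC, abi.encode(msgHash), signature),
            LEGACY_MAGIC
        );
    }

    function _probe(
        address wallet,
        bytes memory callData,
        bytes4 expected
    ) private view returns (bool) {
        (bool success, bytes memory returnData) = wallet.staticcall(callData);
        // Compare the full 32-byte word so a malformed return value yields
        // false instead of reverting inside abi.decode.
        return success && returnData.length == 32 &&
            bytes32(returnData) == bytes32(expected);
    }
}
```

Each magic value is accepted only as the response to its own selector, so a wallet answering the current call with the legacy value is still rejected.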