Omniscia Nexera Audit
PostPurchaseStakeFacet Manual Review Findings
PostPurchaseStakeFacet Manual Review Findings
PPS-01M: Inexplicable Specification of Payable Modifier
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | PostPurchaseStakeFacet.sol:L61 |
Description:
The referenced payable modifier introduced to the PostPurchaseStakeFacet::handlePostPurchasePhase function does not appear to be valid as no native funds are utilized within its complex call paths.
Impact:
The PostPurchaseStakeFacet::handlePostPurchasePhase function will accept native funds incorrectly as it does not utilize them.
Example:
packages/contracts/contracts/internalFacets/purchasePhaseFacets/postPurchaseFacets/stakeFractions/PostPurchaseStakeFacet.sol
53/// @inheritdoc IPostPurchaseFacet54function handlePostPurchasePhase(55 uint256 campaignId,56 uint256 amountOfFractions,57 uint256,58 uint32,59 address msgSender,60 bytes calldata data61) external payable onlyInternalDelegateCall {62 PostPurchaseStakeFacetStorage.layout().handlePostPurchasePhase(campaignId, amountOfFractions, msgSender, data);63
64 emit PostPurchasePhaseHandled(campaignId, amountOfFractions, msgSender);65}Recommendation:
We advise the payable modifier to be omitted, optimizing the code's clarity and preventing fund loss.
Alleviation (d682057ecb0e254069773d64f32c068cedb71e2a):
The Nexera team evaluated this exhibit, and opted to retain the payable modifier to comply with the contract's interface whilst ensuring that the msg.value of the PostPurchaseStakeFacet::handlePostPurchasePhase function is 0.
As such, we consider this exhibit alleviated.