Omniscia Nexera Audit
ReceiveAllNonPurchasedWrappedAssetsFacet Manual Review Findings
ReceiveAllNonPurchasedWrappedAssetsFacet Manual Review Findings
RAN-01M: Inexistent Application of Call States
| Type | Severity | Location |
|---|---|---|
| Logical Fault |  | ReceiveAllNonPurchasedWrappedAssetsFacet.sol: • I-1: L26 • I-2: L28-L30 |
Description:
The referenced function implementations are meant to be invoked via delegatecall operations of the protocol's Diamond implementation yet do not apply any modifiers.
Impact:
As the functions are empty, the enforcement of those modifiers is a matter of standardization rather than security.
Example:
packages/contracts/contracts/subInternalFacets/receiveNonPurchasedWrappedAssetsFacets/doReceiveNonPurchasedWrappedAssetsFacets/receiveAllNonPurchasedWrappedAssets/ReceiveAllNonPurchasedWrappedAssetsFacet.sol
26function initDoReceiveNonPurchasedWrappedAssetsFacet(bytes calldata initDoReceiveNonPurchasedWrappedAssetsData) external {}27
28function setAndCheckDoReceiveNonPurchasedWrappedAssets(29 bytes calldata postFractionDoReceiveNonPurchasedWrappedAssetsData30) external {}Recommendation:
We advise the appropriate DelegateCallee modifiers to be enforced, preventing unauthorized access of those functions.
Alleviation (d682057ecb0e254069773d64f32c068cedb71e2a):
The expected call states of each function are now appropriately enforced via the DelegateCallee dependency.