OmnichainERC20Transfers Manual Review Findings

OEC-01M: Improper Allowance Bypass

Type	Severity	Location
Logical Fault		OmnichainERC20Transfers.sol:L135, L137

Description:

The OmnichainERC20Transfers::_transferFromSingleChainSkipAllowance function implementation is meant to bypass allowance checks for usage in recovery situations such as FractionERC20RecoveryDataManager, however, it fails to invoke the OmnichainERC20Transfers::_beforeSingleChainTransfer function hook as well resulting in significant issues within downstream contracts.

Impact:

As the Nexera ODC system is meant to be composable and a dependency for many projects, any system that relies on OmnichainERC20Transfers::_beforeSingleChainTransfer function invocations for accounting (i.e. rewards, staking) will fail to function as expected in recovery scenarios.

Example:

Copy
133function _transferFromSingleChain(address from, address to, uint256 amount) private returns (bool) {
134    _spendAllowance(from, _msgSender(), amount);
135    _beforeSingleChainTransfer(from, to, amount);
136
137    return _transferFromSingleChainSkipAllowance(from, to, amount);
138}
139
140function _transferFromSingleChainSkipAllowance(address from, address to, uint256 amount) internal returns (bool) {
141    if (from == address(0)) {
142        revert ERC20InvalidSender(address(0));
143    }
144
145    _writeSingleChainTransfer(from, to, amount);
146
147    emit Transfer(from, to, amount);
148    return true;
149}

Recommendation:

We advise the OmnichainERC20Transfers::_beforeSingleChainTransfer function to be invoked regardless, ensuring derivative contracts that are recoverable properly accommodate for recovery scenarios within it.

Alleviation:

The OmnichainERC20Transfers::_beforeSingleChainTransfer function has been relocated to the OmnichainERC20Transfers::_transferFromSingleChainSkipAllowance implementation, ensuring it is consistently invoked as expected.