Omniscia Nuklai Audit
ERC20SubscriptionManager Manual Review Findings
ERC20SubscriptionManager Manual Review Findings
ERC-01M: Inexistent Prevention of Native Funds
Type | Severity | Location |
---|---|---|
Language Specific | ERC20SubscriptionManager.sol:L91-L96 |
Description:
The ERC20SubscriptionManager::_charge
function will not prevent native funds from being sent alongside the call the function is executed in, resulting in the GenericSingleDatasetSubscriptionManager::subscribe
and GenericSingleDatasetSubscriptionManager::extendSubscription
functions locking all native funds that may be accidentally sent when they are invoked.
Impact:
It is presently possible to lock funds in the ERC20SubscriptionManager
by supplying native funds in either the GenericSingleDatasetSubscriptionManager::subscribe
or GenericSingleDatasetSubscriptionManager::extendSubscription
functions.
Example:
91function _charge(address subscriber, uint256 amount) internal override {92 token.safeTransferFrom(subscriber, address(this), amount);93 address distributionManager = dataset.distributionManager(datasetId);94 token.approve(distributionManager, amount);95 IDistributionManager(distributionManager).receivePayment(address(token), amount);96}
Recommendation:
We advise the code to introduce a require
check, ensuring that the msg.value
of the call is 0
to prevent native funds from being accidentally locked in the ERC20SubscriptionManager
.
Alleviation (fb50b5c39665f7df086b2de1fdbf93ba2d836bf9):
The ERC20SubscriptionManager::_charge
function was correctly updated to prevent a non-zero msg.value
from being passed in the call it is invoked in, ensuring no funds can be locked as part of the GenericSingleDatasetSubscriptionManager
execution flows.