UMA DR Adapter #1041
Open
UMA DR Adapter #1041
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Comment on lines
+106
to
+136
| function registerDisputeResolver( | ||
| address payable _treasury, | ||
| string memory _metadataUri, | ||
| BosonTypes.DisputeResolverFee[] memory _disputeResolverFees, | ||
| uint256[] memory _sellerAllowList | ||
| ) external onlyOwner { | ||
| if (disputeResolverId != 0) revert AlreadyRegistered(); | ||
|
|
||
| BosonTypes.DisputeResolver memory disputeResolver = BosonTypes.DisputeResolver({ | ||
| id: 0, // Will be set by the protocol | ||
| escalationResponsePeriod: challengePeriod, | ||
| assistant: address(this), | ||
| admin: address(this), | ||
| clerk: address(0), // Deprecated field | ||
| treasury: _treasury, | ||
| metadataUri: _metadataUri, | ||
| active: true | ||
| }); | ||
|
|
||
| IBosonDisputeResolverHandler(BOSON_PROTOCOL).createDisputeResolver( | ||
| disputeResolver, | ||
| _disputeResolverFees, | ||
| _sellerAllowList | ||
| ); | ||
|
|
||
| (, BosonTypes.DisputeResolver memory registeredDR, , ) = IBosonDisputeResolverHandler(BOSON_PROTOCOL) | ||
| .getDisputeResolverByAddress(address(this)); | ||
|
|
||
| disputeResolverId = registeredDR.id; | ||
| emit DisputeResolverRegistered(disputeResolverId); | ||
| } |
Check warning
Code scanning / Slither
Reentrancy vulnerabilities Medium
Comment on lines
+106
to
+136
| function registerDisputeResolver( | ||
| address payable _treasury, | ||
| string memory _metadataUri, | ||
| BosonTypes.DisputeResolverFee[] memory _disputeResolverFees, | ||
| uint256[] memory _sellerAllowList | ||
| ) external onlyOwner { | ||
| if (disputeResolverId != 0) revert AlreadyRegistered(); | ||
|
|
||
| BosonTypes.DisputeResolver memory disputeResolver = BosonTypes.DisputeResolver({ | ||
| id: 0, // Will be set by the protocol | ||
| escalationResponsePeriod: challengePeriod, | ||
| assistant: address(this), | ||
| admin: address(this), | ||
| clerk: address(0), // Deprecated field | ||
| treasury: _treasury, | ||
| metadataUri: _metadataUri, | ||
| active: true | ||
| }); | ||
|
|
||
| IBosonDisputeResolverHandler(BOSON_PROTOCOL).createDisputeResolver( | ||
| disputeResolver, | ||
| _disputeResolverFees, | ||
| _sellerAllowList | ||
| ); | ||
|
|
||
| (, BosonTypes.DisputeResolver memory registeredDR, , ) = IBosonDisputeResolverHandler(BOSON_PROTOCOL) | ||
| .getDisputeResolverByAddress(address(this)); | ||
|
|
||
| disputeResolverId = registeredDR.id; | ||
| emit DisputeResolverRegistered(disputeResolverId); | ||
| } |
Check warning
Code scanning / Slither
Unused return Medium
Comment on lines
+106
to
+136
| function registerDisputeResolver( | ||
| address payable _treasury, | ||
| string memory _metadataUri, | ||
| BosonTypes.DisputeResolverFee[] memory _disputeResolverFees, | ||
| uint256[] memory _sellerAllowList | ||
| ) external onlyOwner { | ||
| if (disputeResolverId != 0) revert AlreadyRegistered(); | ||
|
|
||
| BosonTypes.DisputeResolver memory disputeResolver = BosonTypes.DisputeResolver({ | ||
| id: 0, // Will be set by the protocol | ||
| escalationResponsePeriod: challengePeriod, | ||
| assistant: address(this), | ||
| admin: address(this), | ||
| clerk: address(0), // Deprecated field | ||
| treasury: _treasury, | ||
| metadataUri: _metadataUri, | ||
| active: true | ||
| }); | ||
|
|
||
| IBosonDisputeResolverHandler(BOSON_PROTOCOL).createDisputeResolver( | ||
| disputeResolver, | ||
| _disputeResolverFees, | ||
| _sellerAllowList | ||
| ); | ||
|
|
||
| (, BosonTypes.DisputeResolver memory registeredDR, , ) = IBosonDisputeResolverHandler(BOSON_PROTOCOL) | ||
| .getDisputeResolverByAddress(address(this)); | ||
|
|
||
| disputeResolverId = registeredDR.id; | ||
| emit DisputeResolverRegistered(disputeResolverId); | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
Comment on lines
+158
to
+183
| function assertTruthForDispute( | ||
| uint256 _exchangeId, | ||
| uint256 _buyerPercent, | ||
| string memory _additionalInfo | ||
| ) external nonReentrant { | ||
| if (_buyerPercent > 10000) revert InvalidBuyerPercent(); | ||
|
|
||
| // Verify the dispute is escalated in Boson Protocol | ||
| (bool exists, BosonTypes.DisputeState state) = IBosonDisputeHandler(BOSON_PROTOCOL).getDisputeState( | ||
| _exchangeId | ||
| ); | ||
| if (!exists) revert InvalidExchangeId(); | ||
| if (state != BosonTypes.DisputeState.Escalated) revert DisputeNotEscalated(); | ||
|
|
||
| _validateAssignedDisputeResolver(_exchangeId); | ||
|
|
||
| if (exchangeToAssertion[_exchangeId] != bytes32(0)) revert AssertionAlreadyExists(); | ||
|
|
||
| bytes32 assertionId = _createUMAAssertion(_exchangeId, _buyerPercent, _additionalInfo); | ||
|
|
||
| assertionToExchange[assertionId] = _exchangeId; | ||
| exchangeToAssertion[_exchangeId] = assertionId; | ||
| assertionToBuyerPercent[assertionId] = _buyerPercent; | ||
|
|
||
| emit DisputeEscalatedToUMA(_exchangeId, assertionId, msg.sender); | ||
| } |
Check warning
Code scanning / Slither
Reentrancy vulnerabilities Medium
Comment on lines
+158
to
+183
| function assertTruthForDispute( | ||
| uint256 _exchangeId, | ||
| uint256 _buyerPercent, | ||
| string memory _additionalInfo | ||
| ) external nonReentrant { | ||
| if (_buyerPercent > 10000) revert InvalidBuyerPercent(); | ||
|
|
||
| // Verify the dispute is escalated in Boson Protocol | ||
| (bool exists, BosonTypes.DisputeState state) = IBosonDisputeHandler(BOSON_PROTOCOL).getDisputeState( | ||
| _exchangeId | ||
| ); | ||
| if (!exists) revert InvalidExchangeId(); | ||
| if (state != BosonTypes.DisputeState.Escalated) revert DisputeNotEscalated(); | ||
|
|
||
| _validateAssignedDisputeResolver(_exchangeId); | ||
|
|
||
| if (exchangeToAssertion[_exchangeId] != bytes32(0)) revert AssertionAlreadyExists(); | ||
|
|
||
| bytes32 assertionId = _createUMAAssertion(_exchangeId, _buyerPercent, _additionalInfo); | ||
|
|
||
| assertionToExchange[assertionId] = _exchangeId; | ||
| exchangeToAssertion[_exchangeId] = assertionId; | ||
| assertionToBuyerPercent[assertionId] = _buyerPercent; | ||
|
|
||
| emit DisputeEscalatedToUMA(_exchangeId, assertionId, msg.sender); | ||
| } |
Check notice
Code scanning / Slither
Reentrancy vulnerabilities Low
Comment on lines
+332
to
+342
| function _validateAssignedDisputeResolver(uint256 _exchangeId) internal view { | ||
| // it is already validated that there is a valid dispute for this exchange, so we assume exchange and offer exist | ||
| (, BosonTypes.Exchange memory exchange, ) = IBosonExchangeHandler(BOSON_PROTOCOL).getExchange(_exchangeId); | ||
| (, BosonTypes.Offer memory offer, , , , ) = IBosonOfferHandler(BOSON_PROTOCOL).getOffer(exchange.offerId); | ||
| (, , , , BosonTypes.DisputeResolutionTerms memory disputeResolutionTerms, ) = IBosonOfferHandler(BOSON_PROTOCOL) | ||
| .getOffer(offer.id); | ||
|
|
||
| if (disputeResolutionTerms.disputeResolverId != disputeResolverId) { | ||
| revert NotAssignedDisputeResolver(); | ||
| } | ||
| } |
Check warning
Code scanning / Slither
Unused return Medium
Comment on lines
+359
to
+398
| function _createUMAAssertion( | ||
| uint256 _exchangeId, | ||
| uint256 _buyerPercent, | ||
| string memory _additionalInfo | ||
| ) internal returns (bytes32 assertionId) { | ||
| // Get exchange and offer details | ||
| (, BosonTypes.Exchange memory exchange, ) = IBosonExchangeHandler(BOSON_PROTOCOL).getExchange(_exchangeId); | ||
| (, BosonTypes.Offer memory offer, , , , ) = IBosonOfferHandler(BOSON_PROTOCOL).getOffer(exchange.offerId); | ||
|
|
||
| // Create human-readable claim following UMA's example | ||
| bytes memory claim = abi.encodePacked( | ||
| "Boson Protocol dispute for exchange ", | ||
| Strings.toString(_exchangeId), | ||
| ": Buyer claims ", | ||
| Strings.toString(_buyerPercent), | ||
| "% of funds. ", | ||
| _additionalInfo, | ||
| " at timestamp ", | ||
| Strings.toString(block.timestamp) | ||
| ); | ||
|
|
||
| uint256 bond = UMA_ORACLE.getMinimumBond(offer.exchangeToken); | ||
| IERC20 exchangeToken = IERC20(offer.exchangeToken); | ||
|
|
||
| exchangeToken.transferFrom(msg.sender, address(this), bond); | ||
| exchangeToken.approve(address(UMA_ORACLE), bond); | ||
|
|
||
| bytes32 domainId = bytes32(_exchangeId); | ||
| assertionId = UMA_ORACLE.assertTruth( | ||
| claim, | ||
| msg.sender, | ||
| address(this), | ||
| address(0), // we don't use specific escalation manager, but use the default one (DVN). | ||
| challengePeriod, | ||
| exchangeToken, | ||
| bond, | ||
| UMA_ASSERTION_IDENTIFIER, | ||
| domainId | ||
| ); | ||
| } |
Check failure
Code scanning / Slither
Unchecked transfer High
Comment on lines
+359
to
+398
| function _createUMAAssertion( | ||
| uint256 _exchangeId, | ||
| uint256 _buyerPercent, | ||
| string memory _additionalInfo | ||
| ) internal returns (bytes32 assertionId) { | ||
| // Get exchange and offer details | ||
| (, BosonTypes.Exchange memory exchange, ) = IBosonExchangeHandler(BOSON_PROTOCOL).getExchange(_exchangeId); | ||
| (, BosonTypes.Offer memory offer, , , , ) = IBosonOfferHandler(BOSON_PROTOCOL).getOffer(exchange.offerId); | ||
|
|
||
| // Create human-readable claim following UMA's example | ||
| bytes memory claim = abi.encodePacked( | ||
| "Boson Protocol dispute for exchange ", | ||
| Strings.toString(_exchangeId), | ||
| ": Buyer claims ", | ||
| Strings.toString(_buyerPercent), | ||
| "% of funds. ", | ||
| _additionalInfo, | ||
| " at timestamp ", | ||
| Strings.toString(block.timestamp) | ||
| ); | ||
|
|
||
| uint256 bond = UMA_ORACLE.getMinimumBond(offer.exchangeToken); | ||
| IERC20 exchangeToken = IERC20(offer.exchangeToken); | ||
|
|
||
| exchangeToken.transferFrom(msg.sender, address(this), bond); | ||
| exchangeToken.approve(address(UMA_ORACLE), bond); | ||
|
|
||
| bytes32 domainId = bytes32(_exchangeId); | ||
| assertionId = UMA_ORACLE.assertTruth( | ||
| claim, | ||
| msg.sender, | ||
| address(this), | ||
| address(0), // we don't use specific escalation manager, but use the default one (DVN). | ||
| challengePeriod, | ||
| exchangeToken, | ||
| bond, | ||
| UMA_ASSERTION_IDENTIFIER, | ||
| domainId | ||
| ); | ||
| } |
Check warning
Code scanning / Slither
Unused return Medium
Comment on lines
+359
to
+398
| function _createUMAAssertion( | ||
| uint256 _exchangeId, | ||
| uint256 _buyerPercent, | ||
| string memory _additionalInfo | ||
| ) internal returns (bytes32 assertionId) { | ||
| // Get exchange and offer details | ||
| (, BosonTypes.Exchange memory exchange, ) = IBosonExchangeHandler(BOSON_PROTOCOL).getExchange(_exchangeId); | ||
| (, BosonTypes.Offer memory offer, , , , ) = IBosonOfferHandler(BOSON_PROTOCOL).getOffer(exchange.offerId); | ||
|
|
||
| // Create human-readable claim following UMA's example | ||
| bytes memory claim = abi.encodePacked( | ||
| "Boson Protocol dispute for exchange ", | ||
| Strings.toString(_exchangeId), | ||
| ": Buyer claims ", | ||
| Strings.toString(_buyerPercent), | ||
| "% of funds. ", | ||
| _additionalInfo, | ||
| " at timestamp ", | ||
| Strings.toString(block.timestamp) | ||
| ); | ||
|
|
||
| uint256 bond = UMA_ORACLE.getMinimumBond(offer.exchangeToken); | ||
| IERC20 exchangeToken = IERC20(offer.exchangeToken); | ||
|
|
||
| exchangeToken.transferFrom(msg.sender, address(this), bond); | ||
| exchangeToken.approve(address(UMA_ORACLE), bond); | ||
|
|
||
| bytes32 domainId = bytes32(_exchangeId); | ||
| assertionId = UMA_ORACLE.assertTruth( | ||
| claim, | ||
| msg.sender, | ||
| address(this), | ||
| address(0), // we don't use specific escalation manager, but use the default one (DVN). | ||
| challengePeriod, | ||
| exchangeToken, | ||
| bond, | ||
| UMA_ASSERTION_IDENTIFIER, | ||
| domainId | ||
| ); | ||
| } |
Check warning
Code scanning / Slither
Unused return Medium
Comment on lines
+359
to
+398
| function _createUMAAssertion( | ||
| uint256 _exchangeId, | ||
| uint256 _buyerPercent, | ||
| string memory _additionalInfo | ||
| ) internal returns (bytes32 assertionId) { | ||
| // Get exchange and offer details | ||
| (, BosonTypes.Exchange memory exchange, ) = IBosonExchangeHandler(BOSON_PROTOCOL).getExchange(_exchangeId); | ||
| (, BosonTypes.Offer memory offer, , , , ) = IBosonOfferHandler(BOSON_PROTOCOL).getOffer(exchange.offerId); | ||
|
|
||
| // Create human-readable claim following UMA's example | ||
| bytes memory claim = abi.encodePacked( | ||
| "Boson Protocol dispute for exchange ", | ||
| Strings.toString(_exchangeId), | ||
| ": Buyer claims ", | ||
| Strings.toString(_buyerPercent), | ||
| "% of funds. ", | ||
| _additionalInfo, | ||
| " at timestamp ", | ||
| Strings.toString(block.timestamp) | ||
| ); | ||
|
|
||
| uint256 bond = UMA_ORACLE.getMinimumBond(offer.exchangeToken); | ||
| IERC20 exchangeToken = IERC20(offer.exchangeToken); | ||
|
|
||
| exchangeToken.transferFrom(msg.sender, address(this), bond); | ||
| exchangeToken.approve(address(UMA_ORACLE), bond); | ||
|
|
||
| bytes32 domainId = bytes32(_exchangeId); | ||
| assertionId = UMA_ORACLE.assertTruth( | ||
| claim, | ||
| msg.sender, | ||
| address(this), | ||
| address(0), // we don't use specific escalation manager, but use the default one (DVN). | ||
| challengePeriod, | ||
| exchangeToken, | ||
| bond, | ||
| UMA_ASSERTION_IDENTIFIER, | ||
| domainId | ||
| ); | ||
| } |
Check warning
Code scanning / Slither
Unused return Medium
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
close #1006