The natspec in the IExecutor{} interface of IExecutor.sol is confusing as to whether it is intended for the ExecutorArgs struct or the Executed event. Furthermore the params names don't match. The natspec uses an underscore where the struct and the event do not. In addition transferId and recovery are missing from the natspec documentation.
Complete natspec documentation for functions and events identified above. I tried not to be pedantic here and focused only on functions that had some form of natspec param documentation assuming they were important and more accurate documentation would help.
The nonce or _nonce value is is passed to numerous handle() functions throughout the code base sufficing the IMessageRecipient{} interface. However there seems to be no requirement for it in BridgeFacet.sol and it should be documented as unused similar to the Nomad GovernanceRouter.solhandle() function i.e. uint32, // nonce (unused).
_reconcileProcessPortal() is called within the _reconcile() function in BridgeFacet.sol. The first router in the path is passed to the function _reconcileProcessPortal(amount, token, routers[0], transferId);. If reconciling portal payments is not related to the router that took on the credit risk then remove routers[0] from the _reconcile() function and from the _reconcileProcessPortal() function definition.
The comment suggests this is more of an issue than just an unused local variable (I'll raise this as a medium bug). However for this Q&A report suffice to say that either the variable should be ommitted with (bool success, uint256 amountIn, _) = AssetLogic.swapFromLocalAssetIfNeededForExactOut(.. or the medium bug is true and adopted should be used instead of _local for the rest of the function.
_router should either be used in the function body or removed.
Require with empty error messages
Issue
Multicall.sol
L18 has a require statement with an empty message - providing no reason as to why it might revert;Remediation
Ensure that each require statement has a clear message for why it failed.
Incomplete natspec documentation or missing params
Issue
The following natspec comments have missing params or incomplete documentation;
XCalled()
event inBridgeFacet.sol
has no parameter documentation despite the very next eventReconciled()
having complete param documentation.RouterLiquidityAdded()
event inRoutersFacet.sol
is missing param documentation forcanonicalId
in the natspec.swapExact()
function inStableSwapFacet.sol
is missing param documentation forminAmountOut
anddeadline
in natspec.swapExactOut()
function inStableSwapFacet.sol
is missing param documentation formaxAmountIn
anddeadline
in natspec.setupAsset()
function inAssetFacet.sol
is missing param documentation for_stableSwapPool
in natspec.repayAavePortal()
function inPortalFacet.sol
is missing param documentation for_transferId
in natspec.IExecutor{}
interface ofIExecutor.sol
is confusing as to whether it is intended for theExecutorArgs
struct or theExecuted
event. Furthermore the params names don't match. The natspec uses an underscore where the struct and the event do not. In additiontransferId
andrecovery
are missing from the natspec documentation.swapFromLocalAssetIfNeededForExactOut()
function inAssetLogic.sol
is missing param documentation for_maxIn
in natspec._swapAsset()
function inAssetLogic.sol
is missing param documentation for_slippageTol
in natspec._swapAssetOut()
function inAssetLogic.sol
is missing param documentation for_maxIn
in natspec.ExecuteArgs
struct inLibConnextStorage.sol
is missing param documentation forrouterSignatures
in natspec.RouterPermissionsManagerInfo
struct inLibConnextStorage.sol
is missing param documentation forapprovedForPortalRouters
in natspec.Remediation
Complete natspec documentation for functions and events identified above. I tried not to be pedantic here and focused only on functions that had some form of natspec param documentation assuming they were important and more accurate documentation would help.
Unused local variables
Issue
nonce
value passed to thehandle()
function inBridgeFacet.sol
is never used._router
value passed to the_reconcileProcessPortal()
function inBridgeFacet.sol
is never used.adopted
value returned fromAssetLogic.swapFromLocalAssetIfNeededForExactOut()
inPortalFacet.sol
is never used._router
value passed torepayAavePortalFor()
inPortalFacet.sol
is never used.Remediation
nonce
or_nonce
value is is passed to numeroushandle()
functions throughout the code base sufficing theIMessageRecipient{}
interface. However there seems to be no requirement for it inBridgeFacet.sol
and it should be documented asunused
similar to the NomadGovernanceRouter.sol
handle()
function i.e.uint32, // nonce (unused)
._reconcileProcessPortal()
is called within the_reconcile()
function inBridgeFacet.sol
. The first router in the path is passed to the function_reconcileProcessPortal(amount, token, routers[0], transferId);
. If reconciling portal payments is not related to the router that took on the credit risk then removerouters[0]
from the_reconcile()
function and from the_reconcileProcessPortal()
function definition.(bool success, uint256 amountIn, _) = AssetLogic.swapFromLocalAssetIfNeededForExactOut(..
or the medium bug is true andadopted
should be used instead of_local
for the rest of the function._router
should either be used in the function body or removed.