peanuts
high
When there is a nested function, the roles for each function changes, which might lead to function revert.
In createFromRouter(), the onlyRole(ROUTER_ROLE) modifier is required. The notice states that this function can only be called by router
* @notice Creates an option with the specified parameters
* @dev Can only be called by router
*/
function createFromRouter(
OptionParams calldata optionParams,
bool isReferralValid
) external override onlyRole(ROUTER_ROLE) returns (uint256 optionID) {
However, in the function, it does a nested call to pool.lock(),
pool.lock(optionID, option.lockedAmount, option.premium);
which has a new set of modifier, onlyRole(OPTION_ISSUER_ROLE). This function can only be called by BufferCallOptions as stated in the notice.
* @notice Called by BufferCallOptions to lock the funds
* @param id optionId
* @param tokenXAmount Amount of funds that should be locked in an option
* @param premium Premium paid to liquidity pool to lock the above funds
*/
function lock(
uint256 id,
uint256 tokenXAmount,
uint256 premium
) external override onlyRole(OPTION_ISSUER_ROLE) {
The function, lock(), is external. This means that the OPTION_ISSUER_ROLE can call it. However, the function aforementioned, createFromRouter(), is unable to call this lock() function.
Funds cannot be locked and options cannot start.
Manual Review
Make sure that the roles are aligned. Also, I think that the protocol is referring to BufferBinaryOptions instead of BufferCallOptions (which does not exist as a contract)