Finding
Contract NatSpec claims "manages a beacon set" but exposes no management function.
Location: src/concrete/deploy/PythOracleAdapterBeaconSetDeployer.sol:32-33.
/// @notice Deploys and manages a beacon set for PythOracleAdapter contracts.
The contract only deploys the beacon (in the constructor) and deploys proxies that point at it. There is no upgrade path, no admin transfer, no setter, no reference to the beacon owner stored in this contract. After construction this contract is a pure factory + immutable beacon-address holder.
This is a Pass 5 finding because the NatSpec asserts management capability that does not exist — relevant for SPEC §15 because beacon ownership is the most security-critical surface of the pattern.
Severity
INFO — same root cause as A04p5-1 / A05p5-4 / A02p5-1 / A07's analogous wording. Documented separately because filing rules treat each file as its own agent.
Proposed Fix
Apply the rewording from A04p5-1 to this file (and to OracleRegistryBeaconSetDeployer.sol, MorphoProtocolAdapterBeaconSetDeployer.sol, PassthroughProtocolAdapterBeaconSetDeployer.sol) in a single PR for consistency.
Finding
Contract NatSpec claims "manages a beacon set" but exposes no management function.
Location:
src/concrete/deploy/PythOracleAdapterBeaconSetDeployer.sol:32-33.The contract only deploys the beacon (in the constructor) and deploys proxies that point at it. There is no upgrade path, no admin transfer, no setter, no reference to the beacon owner stored in this contract. After construction this contract is a pure factory + immutable beacon-address holder.
This is a Pass 5 finding because the NatSpec asserts management capability that does not exist — relevant for SPEC §15 because beacon ownership is the most security-critical surface of the pattern.
Severity
INFO — same root cause as A04p5-1 / A05p5-4 / A02p5-1 / A07's analogous wording. Documented separately because filing rules treat each file as its own agent.
Proposed Fix
Apply the rewording from A04p5-1 to this file (and to
OracleRegistryBeaconSetDeployer.sol,MorphoProtocolAdapterBeaconSetDeployer.sol,PassthroughProtocolAdapterBeaconSetDeployer.sol) in a single PR for consistency.