Omniscia rain protocol Audit
CombineTier Manual Review Findings
CTR-01M: Potential Sanitization of VM State Configuration
| Type | Severity | Location |
|---|---|---|
| Input Sanitization | | CombineTier.sol:L45 |
Description:
The initialize function does not apply any sanitization to the input StateConfig, even though the contract expects at least one source to be defined, as evidenced by the eval execution performed in report.
Example:
contracts/tier/CombineTier.sol

```solidity
function initialize(StateConfig memory config_) external initializer {
    vmStatePointer = VMState.snapshot(VMState.newState(config_));
}
```

Recommendation:
We advise some form of sanitization to be imposed, at minimum a guarantee that at least one source has been defined in the sources array of StateConfig, to prevent misconfiguration of the contract.
Alleviation:
The newState function of the VMState implementation was updated to perform validation that at least one source has been defined, thereby alleviating this exhibit.
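To illustrate the finding and the alleviation side by side, the following is an added, self-contained example and not code from the Rain Protocol repository. The StateConfig and State structs, the hash-based snapshot stand-in and the omitted initializer modifier are simplifications assumed here; only the placement of the sources-length check in newState mirrors what the alleviation describes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed minimal shapes; the real Rain structs carry additional fields.
struct StateConfig {
    bytes[] sources;
    uint256[] constants;
}

struct State {
    bytes[] sources;
    uint256[] constants;
}

library VMStateGuarded {
    // Validation lives in newState so every caller, not only CombineTier,
    // rejects a configuration that report() could never evaluate.
    function newState(StateConfig memory config_) internal pure returns (State memory) {
        require(config_.sources.length > 0, "VMState: at least one source required");
        return State(config_.sources, config_.constants);
    }

    // Stand-in for the real snapshot: commits to the state with a hash
    // instead of writing it to a pointer contract.
    function snapshot(State memory state_) internal pure returns (bytes32) {
        return keccak256(abi.encode(state_.sources, state_.constants));
    }
}

// Before: an empty `sources` array is accepted and the contract is left in
// a state that report() cannot evaluate.
contract CombineTierBefore {
    bytes32 public vmStatePointer;

    function initialize(StateConfig memory config_) external {
        vmStatePointer = VMStateGuarded.snapshot(State(config_.sources, config_.constants));
    }
}

// After: the same entry point, but newState reverts on a missing source.
contract CombineTierAfter {
    bytes32 public vmStatePointer;

    function initialize(StateConfig memory config_) external {
        vmStatePointer = VMStateGuarded.snapshot(VMStateGuarded.newState(config_));
    }
}
```

Calling CombineTierAfter.initialize with `StateConfig(new bytes[](0), new uint256[](0))` reverts, whereas CombineTierBefore.initialize silently stores a pointer to an unusable state.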
