Omniscia Euler Audit
EulDistributor Static Analysis Findings
EDR-01S: Inexistent Sanitization of Input Addresses
Type | Severity | Location |
---|---|---|
Input Sanitization | | EulDistributor.sol:L22, L36 |
Description:
The linked functions accept `address` arguments yet do not sanitize them.
Example:
```solidity
// EulDistributor.sol:L22
constructor(address eul_, address eulStakes_) {
    eul = eul_;
    eulStakes = eulStakes_;
    owner = msg.sender;
    Utils.safeApprove(eul_, eulStakes_, type(uint).max);
}

// Owner functions

modifier onlyOwner {
    require(msg.sender == owner, "unauthorized");
    _;
}

// EulDistributor.sol:L36
function transferOwnership(address newOwner) external onlyOwner {
    owner = newOwner;
}
```
Recommendation:
We advise rudimentary sanitization to be introduced by ensuring that each `address` is not equal to the zero-address to prevent misconfiguration of the contract.
Alleviation:
The Euler team stated that they evaluated this exhibit but opted not to apply a remediation for it as they believe it to be redundant. We should note that this is a static analysis finding and particularly relates to the `address(0)` misconfiguration that can arise from zero-value input, the most common interface software issue.
EDR-02S: Inexistent Event Emission
Type | Severity | Location |
---|---|---|
Standard Conformity | | EulDistributor.sol:L36-L38 |
Description:
The linked code adjusts a sensitive contract variable yet does not emit an `event` for it.
Example:
```solidity
// EulDistributor.sol:L36-L38
function transferOwnership(address newOwner) external onlyOwner {
    owner = newOwner;
}
```
Recommendation:
We advise an `event` to be coded and correspondingly emitted whenever the function is invoked.
Alleviation:
An `OwnerChanged` event was introduced to the codebase and is correspondingly emitted in the linked instance.
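Both recommendations (EDR-01S and EDR-02S) applied to a contract of the same shape, as an added example that is neither the audited code nor the Euler team's fix. The names `DistributorSketch` and `IERC20Approve` and the `OwnerChanged` parameter list are assumptions, and a plain `approve` call stands in for the project's `Utils.safeApprove`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface for the approval (hypothetical stand-in for
// Utils.safeApprove, which is not reproduced here). Tokens that do not
// return a bool from approve() would need a safe-approve wrapper instead.
interface IERC20Approve {
    function approve(address spender, uint256 amount) external returns (bool);
}

// Illustrative contract, not the audited EulDistributor.
contract DistributorSketch {
    address public immutable eul;
    address public immutable eulStakes;
    address public owner;

    // Event name taken from the alleviation note; the indexed
    // previous/new owner parameters are an assumption.
    event OwnerChanged(address indexed previousOwner, address indexed newOwner);

    constructor(address eul_, address eulStakes_) {
        // EDR-01S: reject zero-value inputs before they are stored
        // or used as the token / spender of an unlimited approval.
        require(eul_ != address(0), "eul: zero address");
        require(eulStakes_ != address(0), "eulStakes: zero address");
        eul = eul_;
        eulStakes = eulStakes_;
        owner = msg.sender;
        // EDR-02S: record the initial owner so off-chain monitoring
        // sees the complete ownership history from deployment onward.
        emit OwnerChanged(address(0), msg.sender);
        require(IERC20Approve(eul_).approve(eulStakes_, type(uint256).max), "approve failed");
    }

    modifier onlyOwner {
        require(msg.sender == owner, "unauthorized");
        _;
    }

    function transferOwnership(address newOwner) external onlyOwner {
        // EDR-01S: a zero newOwner would leave onlyOwner functions uncallable.
        require(newOwner != address(0), "newOwner: zero address");
        address previousOwner = owner;
        owner = newOwner;
        // EDR-02S: emit on every change of the sensitive variable.
        emit OwnerChanged(previousOwner, newOwner);
    }
}
```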