Omniscia GoGo Audit

StakingRewardsLP Static Analysis Findings

SRL-01S: Inexistent Zero Address Validation

Description:

The linked address arguments are not properly sanitized against the zero-address, the default value that can result from off-chain software misbehaviour.

Example:

contracts/staking/StakingRewardsLP.sol
constructor(
    address _rewardsDistribution,
    address _rewardsToken,
    address _stakingToken,
    address _buybackAddress
) {
    rewardsToken = IERC20(_rewardsToken);
    stakingToken = IERC20(_stakingToken);
    rewardsDistribution = _rewardsDistribution;
    buybackAddress = _buybackAddress;
}

Recommendation:

We advise them to be properly validated by introducing a corresponding require check for each argument, ensuring it is different from address(0) and preventing any contract misconfiguration from occurring.

Alleviation:

The GoGo team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.

SRL-02S: Inexistent Event Emission

| Type | Severity | Location |
| --- | --- | --- |
| Language Specific | Informational | StakingRewardsLP.sol:L331 |

Description:

The setRewardsDistributionAddress function adjusts a sensitive contract variable yet does not emit an event for it.

Example:

contracts/staking/StakingRewardsLP.sol
327 function setRewardsDistributionAddress(address newDistributionAddress)
328     external
329     onlyOwner
330 {
331     rewardsDistribution = newDistributionAddress;
332 }

Recommendation:

We advise an event to be coded and emitted for this particular variable to ensure off-chain code can properly detect such a change and react accordingly.

Alleviation:

The GoGo team considered this exhibit but opted not to apply a remediation for it in the current iteration of the codebase.
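
The recommendations of SRL-01S and SRL-02S applied together, as an added example that is not the GoGo codebase or Omniscia's own code. The contract name StakingRewardsLPHardened, the event RewardsDistributionUpdated, the inline owner / onlyOwner stand-in, the minimal IERC20 interface and the revert strings are assumptions, and the zero-address check in the setter extends SRL-01S beyond the constructor.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal interface so the example compiles on its own (assumption).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
}

// Illustration only: state and functions named in the two findings, staking logic omitted.
contract StakingRewardsLPHardened {
    IERC20 public rewardsToken;
    IERC20 public stakingToken;
    address public rewardsDistribution;
    address public buybackAddress;
    address public owner; // stand-in for the contract's real ownership module (assumption)

    // Hypothetical event: lets off-chain monitors detect a changed distributor (SRL-02S).
    event RewardsDistributionUpdated(address indexed previousAddress, address indexed newAddress);

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor(
        address _rewardsDistribution,
        address _rewardsToken,
        address _stakingToken,
        address _buybackAddress
    ) {
        // SRL-01S: reject the default value before it is written to storage.
        require(_rewardsDistribution != address(0), "rewardsDistribution is zero");
        require(_rewardsToken != address(0), "rewardsToken is zero");
        require(_stakingToken != address(0), "stakingToken is zero");
        require(_buybackAddress != address(0), "buybackAddress is zero");
        owner = msg.sender;
        rewardsToken = IERC20(_rewardsToken);
        stakingToken = IERC20(_stakingToken);
        rewardsDistribution = _rewardsDistribution;
        buybackAddress = _buybackAddress;
        emit RewardsDistributionUpdated(address(0), _rewardsDistribution);
    }

    function setRewardsDistributionAddress(address newDistributionAddress) external onlyOwner {
        require(newDistributionAddress != address(0), "rewardsDistribution is zero");
        address previousAddress = rewardsDistribution;
        rewardsDistribution = newDistributionAddress;
        emit RewardsDistributionUpdated(previousAddress, newDistributionAddress);
    }
}
```

Emitting the event from the constructor as well gives an indexer the initial value, so the full history of rewardsDistribution can be rebuilt from logs alone.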