Omniscia Hot Cross Audit

RewardVault Manual Review Findings

RVT-01M: Unsanitized Input

Description:

The _rewardToken variable is not sanitized here, although the equivalent input is sanitized in CrossPool.

Example:

contracts/RewardVault.sol

    function initialize(IBEP20 _rewardToken) public initializer {
        __Ownable_init();
        rewardToken = _rewardToken;
    }

Recommendation:

We advise applying the same sanitization here so that the system cannot be misconfigured.

Alleviation:

The _rewardToken variable is properly sanitized via the isContract function of the Misc library.
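
The kind of check the alleviation describes, shown as an added example that is not the audited project's code. MiscExample, RewardVaultExample and the initialized flag are hypothetical stand-ins: the report does not show the body of Misc.isContract, and the flag replaces the initializer modifier and __Ownable_init() so the sketch compiles without imports.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.1;

// Minimal interface so the example compiles on its own.
interface IBEP20 {
    function balanceOf(address account) external view returns (uint256);
}

// Hypothetical stand-in for the project's Misc library.
library MiscExample {
    function isContract(address account) internal view returns (bool) {
        // True only when code is deployed at `account`. False for
        // address(0), externally owned accounts, and a contract that is
        // still executing its constructor.
        return account.code.length > 0;
    }
}

contract RewardVaultExample {
    IBEP20 public rewardToken;
    address public owner;
    bool private initialized; // simplified stand-in for `initializer`

    function initialize(IBEP20 _rewardToken) public {
        require(!initialized, "RewardVault: already initialized");
        // Validate before storing: rejects the zero address and any
        // address without deployed code.
        require(
            MiscExample.isContract(address(_rewardToken)),
            "RewardVault: reward token is not a contract"
        );
        initialized = true;
        owner = msg.sender;
        rewardToken = _rewardToken;
    }
}
```

A code-size check only proves that some contract exists at the address; it does not prove the contract implements IBEP20, so the deployment parameters still need review.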